Bug 208528 - After a period of time dovecot stops lettting people login
After a period of time dovecot stops lettting people login
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: dovecot (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Janousek
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-29 03:12 EDT by Chris Jones
Modified: 2014-01-21 17:55 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-04 10:06:53 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chris Jones 2006-09-29 03:12:53 EDT
Description of problem:
On a system useing the defualt config, after a period of time dovecot fails to
authenticate new logins, giving the error Can't connect to auth server at
default: Resource temporarily unavailable. Dovecot has to be restarted before it
works again.

Version-Release number of selected component (if applicable):
dovecot-1.0-0.beta8.2.fc5

How reproducible:
Very - Happend at least every other day this week.

Steps to Reproduce:
1. Install dovecot
2. Use on a fairly busy system
3. 
  
Actual results:
Sep 26 21:21:27 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:21:32 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:21:47 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:22:22 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:22:24 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:22:27 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:22:39 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:23:27 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:23:39 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:24:07 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:24:09 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable

Expected results:
Login ok

Additional info:
Comment 1 Chris Jones 2006-09-30 16:30:49 EDT
dovecot-auth doesn't seem happy, I've had to kill of 627 dovecot-auth process on
our server, the following selinux messages are also present...

audit(1159635518.756:18202): avc:  denied  { read write } for  pid=1835
comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543
scontext=user_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
audit(1159635518.760:18203): avc:  denied  { read } for  pid=1835
comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543
scontext=user_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
audit(1159635518.760:18204): avc:  denied  { read write } for  pid=1835
comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543
scontext=user_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
audit(1159635518.760:18205): avc:  denied  { read } for  pid=1835
comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543
scontext=user_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
audit(1159635518.808:18206): avc:  denied  { write } for  pid=1836 comm="imap"
name="loki" dev=md0 ino=65471351 scontext=user_u:system_r:dovecot_t:s0
tcontext=user_u:object_r:home_root_t:s0 tclass=dir
Comment 2 Chris Jones 2006-10-02 07:17:11 EDT
We're still having problems with dovecot and selinux has been turned off.

Oct  2 00:04:02 silver dovecot-auth: pam_ldap: error trying to bind as user 
"uid=cu,ou=People,dc=sucs,dc=org" (Invalid credentials)
Oct  2 10:14:35 silver dovecot-auth: pam_ldap: error trying to bind as user 
"uid=stringfellow,ou=People,dc=sucs,dc=org" (Invalid credentials)
Oct  2 10:16:26 silver dovecot-auth: pam_ldap: error trying to bind as user 
"uid=engineering,ou=People,dc=sucs,dc=org" (Invalid credentials)

Suggest that the problem is related to having our users in ldap... but other services dont seem to be 
having such problems.
Comment 3 Chris Jones 2006-10-06 09:43:13 EDT
Getting dovecot to talk strait to the ldap server seems to help.
Comment 4 Petr Rockai 2006-10-11 12:33:11 EDT
I am trying to think of a reason why this would happen, but nothing comes to 
my mind. Especially if you say that pam_ldap works from other services as 
expected. And i assume the credentials are all right? It's definitely weird 
that both dovecot<->ldap and others<->pam<->ldap work, but 
dovecot<->pam<->ldap doesn't...
Comment 5 Tomas Janousek 2007-04-06 09:36:10 EDT
This seems to be caused by bug 154314.
Comment 6 Tomas Janousek 2008-01-04 09:05:04 EST
Hm, bug 154314 has been fixed for some time, I guess we can close this?
Comment 7 Chris Jones 2008-01-04 10:02:39 EST
The FC5 system this bug was reported on saw all sorts of weird ldap/nss/nscd/pam
problems though its life. You can be fairly sure its not a dovecot bug...
Comment 8 Tomas Janousek 2008-01-04 10:06:53 EST
Ok, closing.

Note You need to log in before you can comment on or make changes to this bug.