Bug 208528 - After a period of time dovecot stops lettting people login
Summary: After a period of time dovecot stops lettting people login
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: dovecot
Version: 5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Tomas Janousek
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-09-29 07:12 UTC by Chris Jones
Modified: 2014-01-21 22:55 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-04 15:06:53 UTC


Attachments (Terms of Use)

Description Chris Jones 2006-09-29 07:12:53 UTC
Description of problem:
On a system useing the defualt config, after a period of time dovecot fails to
authenticate new logins, giving the error Can't connect to auth server at
default: Resource temporarily unavailable. Dovecot has to be restarted before it
works again.

Version-Release number of selected component (if applicable):
dovecot-1.0-0.beta8.2.fc5

How reproducible:
Very - Happend at least every other day this week.

Steps to Reproduce:
1. Install dovecot
2. Use on a fairly busy system
3. 
  
Actual results:
Sep 26 21:21:27 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:21:32 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:21:47 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:22:22 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:22:24 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:22:27 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:22:39 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:23:27 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:23:39 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:24:07 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable
Sep 26 21:24:09 silver dovecot: imap-login: Can't connect to auth server at
default: Resource temporarily unavailable

Expected results:
Login ok

Additional info:

Comment 1 Chris Jones 2006-09-30 20:30:49 UTC
dovecot-auth doesn't seem happy, I've had to kill of 627 dovecot-auth process on
our server, the following selinux messages are also present...

audit(1159635518.756:18202): avc:  denied  { read write } for  pid=1835
comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543
scontext=user_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
audit(1159635518.760:18203): avc:  denied  { read } for  pid=1835
comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543
scontext=user_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
audit(1159635518.760:18204): avc:  denied  { read write } for  pid=1835
comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543
scontext=user_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
audit(1159635518.760:18205): avc:  denied  { read } for  pid=1835
comm="dovecot-auth" name="utmp" dev=sdb3 ino=13945543
scontext=user_u:system_r:dovecot_auth_t:s0
tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file
audit(1159635518.808:18206): avc:  denied  { write } for  pid=1836 comm="imap"
name="loki" dev=md0 ino=65471351 scontext=user_u:system_r:dovecot_t:s0
tcontext=user_u:object_r:home_root_t:s0 tclass=dir


Comment 2 Chris Jones 2006-10-02 11:17:11 UTC
We're still having problems with dovecot and selinux has been turned off.

Oct  2 00:04:02 silver dovecot-auth: pam_ldap: error trying to bind as user 
"uid=cu,ou=People,dc=sucs,dc=org" (Invalid credentials)
Oct  2 10:14:35 silver dovecot-auth: pam_ldap: error trying to bind as user 
"uid=stringfellow,ou=People,dc=sucs,dc=org" (Invalid credentials)
Oct  2 10:16:26 silver dovecot-auth: pam_ldap: error trying to bind as user 
"uid=engineering,ou=People,dc=sucs,dc=org" (Invalid credentials)

Suggest that the problem is related to having our users in ldap... but other services dont seem to be 
having such problems.

Comment 3 Chris Jones 2006-10-06 13:43:13 UTC
Getting dovecot to talk strait to the ldap server seems to help.

Comment 4 Petr Rockai 2006-10-11 16:33:11 UTC
I am trying to think of a reason why this would happen, but nothing comes to 
my mind. Especially if you say that pam_ldap works from other services as 
expected. And i assume the credentials are all right? It's definitely weird 
that both dovecot<->ldap and others<->pam<->ldap work, but 
dovecot<->pam<->ldap doesn't...

Comment 5 Tomas Janousek 2007-04-06 13:36:10 UTC
This seems to be caused by bug 154314.

Comment 6 Tomas Janousek 2008-01-04 14:05:04 UTC
Hm, bug 154314 has been fixed for some time, I guess we can close this?

Comment 7 Chris Jones 2008-01-04 15:02:39 UTC
The FC5 system this bug was reported on saw all sorts of weird ldap/nss/nscd/pam
problems though its life. You can be fairly sure its not a dovecot bug...

Comment 8 Tomas Janousek 2008-01-04 15:06:53 UTC
Ok, closing.


Note You need to log in before you can comment on or make changes to this bug.