On a stock install of RHEL5, I install cyrus-sasl and nss_ldap. I then configure /etc/ldap.conf and the relavent files in /etc/pam.d. saslauthd is then unable to process authentication events through pam. The logged events are: kernel: audit(1185169532.791:24): avc: denied { read } for pid=2055 comm="saslauthd" name="imap" dev=xvda1 ino=2162692 scontext=root:system_r:saslauthd_t:s0 tcontext=root:object_r:tmp_t:s0 tclass=file kernel: audit(1185172800.708:42): avc: denied { getattr } for pid=5906 comm="saslauthd" name="imap" dev=xvda1 ino=2162691 scontext=root:system_r:saslauthd_t:s0 tcontext=root:object_r:tmp_t:s0 tclass=file I am able to work around the problem by doing 'allow saslauthd_t tmp_t:file { getattr read };'
I suppose the imap file is pam configuration for the imap service? Then restorecon on that file should be able to set the proper context on it.