Red Hat Bugzilla – Bug 373341
SELinux prevents saslauthd from authenticating NIS users
Last modified: 2007-12-10 15:55:04 EST
Description of problem:
Sendmail is configured to allow SMTP AUTH. SMTP authentication is handled by
saslauthd. The system is configured to use NIS for authentication. When SMTP
authentication is attempted and valid credentials are supplied, authentication
fails. AVC denials for saslauthd are logged (only if all audit messages are
enabled with enableaudit.pp).
The following SELinux policy rules were found to resolve the situation:
allow saslauthd_t reserved_port_type:udp_socket name_bind;
allow saslauthd_t self:capability net_bind_service;
The issue is similar to issue #320461.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Enable SMTP AUTH in sendmail.cf
2. Start saslauthd
3. Configure email client to authenticate to SMTP server
4. Attempt to send email.
Valid user credentials are rejected
Valid user credentials are accepted
Fixed in selinux-policy-2.6.4-56.fc8
Sorry for delay in testing. I am now running selinux-policy-2.6.4-59.fc7. The
issue is fixed.