Hi guys,
I'm having a problem with SELinux on my RHEL6.3 box with SSSD. I'm writing here because I imagine you are the best to understand where the problem is :-)
 
Scenario:
OpenLDAP server -> Pass-Through Authentication by using CyrusSASL configured to leverage PAM -> PAM configured to leverage SSSD
 
Problem: in Enforcing mode I cannot get authentication, in Permissive mode yes.
 
The error I'm facing in my /var/log/audit/audit.log is:
 
type=AVC msg=audit(1357215410.532:82682): avc:  denied  { connectto } for  pid=11638 comm="saslauthd" path="/var/lib/sss/pipes/private/pam" scontext=unconfined_u:system_r:saslauthd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
type=SYSCALL msg=audit(1357215410.532:82682): arch=c000003e syscall=42 success=no exit=-13 a0=8 a1=7fff7c1c7440 a2=6e a3=0 items=0 ppid=11635 pid=11638 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5055 comm="saslauthd" exe="/usr/sbin/saslauthd" subj=unconfined_u:system_r:saslauthd_t:s0 key=(null)
type=USER_AUTH msg=audit(1357215410.532:82683): user pid=11638 uid=0 auid=0 ses=5055 subj=unconfined_u:system_r:saslauthd_t:s0 msg='op=PAM:authentication acct="pippo" exe="/usr/sbin/saslauthd" hostname=? addr=? terminal=? res=failed'
 
Do you think it's a bug with the selinux-policy distributed with RHEL6.3?
Is there any sebool I have to toggle to be able to make saslauthd connect to the sssd-pam socket?
 
Thanks in advance as usual!
Marco
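
An added example, not part of Marco's message: a small Python parser that groups the audit records quoted above by event serial number and extracts who was denied what against which SELinux type. The function names are illustrative assumptions; the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Audit records copied verbatim from the post above.
SAMPLE = """type=AVC msg=audit(1357215410.532:82682): avc:  denied  { connectto } for  pid=11638 comm="saslauthd" path="/var/lib/sss/pipes/private/pam" scontext=unconfined_u:system_r:saslauthd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket
type=SYSCALL msg=audit(1357215410.532:82682): arch=c000003e syscall=42 success=no exit=-13 a0=8 a1=7fff7c1c7440 a2=6e a3=0 items=0 ppid=11635 pid=11638 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=5055 comm="saslauthd" exe="/usr/sbin/saslauthd" subj=unconfined_u:system_r:saslauthd_t:s0 key=(null)
type=USER_AUTH msg=audit(1357215410.532:82683): user pid=11638 uid=0 auid=0 ses=5055 subj=unconfined_u:system_r:saslauthd_t:s0 msg='op=PAM:authentication acct="pippo" exe="/usr/sbin/saslauthd" hostname=? addr=? terminal=? res=failed'
"""

HEADER = re.compile(r'^type=(\S+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
AVC = re.compile(r'avc:\s+(denied|granted)\s+\{ ([^}]*)\}')

def split_context(ctx):
    # user:role:type:level; the MLS/MCS level may itself contain ':'
    user, role, type_, level = ctx.split(":", 3)
    return {"user": user, "role": role, "type": type_, "level": level}

def parse_events(text):
    # Records sharing a serial number (after the timestamp) are one event.
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue
        rtype, _ts, serial, body = m.groups()
        fields = {k: v.strip("\"'") for k, v in KV.findall(body)}
        a = AVC.search(body) if rtype == "AVC" else None
        if a:
            fields["result"], fields["perms"] = a.group(1), a.group(2).split()
        events[int(serial)][rtype] = fields
    return dict(events)

def summarize(event):
    # Join the AVC record with the SYSCALL record of the same event.
    avc, sc = event["AVC"], event.get("SYSCALL", {})
    return {
        "perms": avc["perms"], "tclass": avc["tclass"], "path": avc.get("path"),
        "source_type": split_context(avc["scontext"])["type"],
        "target_type": split_context(avc["tcontext"])["type"],
        "exe": sc.get("exe"),
        "exit": int(sc["exit"]) if "exit" in sc else None,  # -13 is -EACCES
    }

if __name__ == "__main__":
    for serial, ev in sorted(parse_events(SAMPLE).items()):
        if "AVC" in ev:
            print(serial, summarize(ev))
```

For the records in the post it reports `saslauthd_t` denied `connectto` on a `unix_stream_socket` whose peer is labelled `unconfined_t`, with the `connect()` call (syscall 42 on x86_64) returning -13.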