On 04/13/2012 01:06 AM, Braden McDaniel wrote: > On Thu, 2012-04-12 at 22:55 -0400, Daniel J Walsh wrote: >> On 04/12/2012 08:47 PM, Braden McDaniel wrote: > > [snip] > >>> I am using Kerberos for authentication; but I'm using LDAP for user >>> information. >>> >>> (Though I get the impression that login is currently falling back to >>> local authentication; because I don't have a Kerberos ticket after I >>> log in.) >>> >> But you are not use sssd for this. > > I am under the impression that I am using sssd. > >> Anyways do you still believe you are having SELinux issues? > > Since I haven't seen any more alerts, I don't think I am. If you are > sufficiently curious, I can unset authlogin_nsswitch_use_ldap and see what > happens. > Basically in Fedora 16 we turned off the ability for apps that did getpw() from being able to connect to the ldap port, by default. Turning that boolean on, allows all domains that call getpw to connect to the ldap port. We turned this off because sssd now connects to ldap if it is setup and apps calling getpw talk to sssd rather then ldap. We have seen some daemons (samba) that talk directly that we have broken with this change, but I believe the fixes are going into Fedora now. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
