Re: SELinux and SETroubleshootd woes in CR

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



>
>
Do you have the
>
>
> allow_httpd_mod_auth_pam
>
> boolean turned on?
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iEYEARECAAYFAk6wVZgACgkQrlYvE4MpobOg8gCgzbPmuUBJJ20iBhAQnCoTvZVU
> NfUAoLz5TplWxxflLWscqc7Vc7RHahvj
> =UYqX
> -----END PGP SIGNATURE-----
>

(Accidentally sent as quote )

Ah! I did not know about setsebool.

It's now not failing on SELinux (at least that I can tell).  Now I get this
in /var/log/secure...

Nov  1 16:08:07 host unix_chkpwd[22541]: check pass; user unknown
Nov  1 16:08:07 host unix_chkpwd[22541]: password check failed for user
(treydock)
Nov  1 16:08:07 host httpd: pam_unix(httpd:auth): authentication failure;
logname= uid=48 euid=48 tty= ruser= rhost=  user=treydock
Nov  1 16:08:07 host httpd: pam_krb5[8049]: error reading keytab
'FILE:/etc/krb5.keytab'
Nov  1 16:08:07 host httpd: pam_krb5[8049]: TGT verified
Nov  1 16:08:07 host httpd: pam_krb5[8049]: authentication succeeds for
'treydock' (treydock@xxxxxxxx)
Nov  1 16:08:07 host unix_chkpwd[22545]: could not obtain user info
(treydock)


The keytab error is expected, because to authenticate with my university's
Kerberos system it's without adding my server to the their databases.  I
have other servers on CentOS 5 and 6 running this just fine, so and right
now SELinux is the only difference between them.

Also, I'm still concerned I never got an email from setroubleshootd about
the denials that are now fixed by using setsebool.  Any steps I can take to
troubleshoot the problem?

Thanks
- Trey
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux