Just as a warning, the pam package in rawhide is broken for SELinux; non-root logins will fail under console login, gdm, or ssh when in enforcing mode. I think that this is due to a bug in pam_unix related to execution of the chkpwd helper program. In permissive mode, pam_unix doesn't need to run the helper program, as it can directly read /etc/shadow itself. Fixed pam is available from Dan's site ftp://people.redhat.com/dwalsh/SELinux/Fedora. -- Stephen Smalley <sds@xxxxxxxxxxxxxx> National Security Agency
