> Le 17/02/2011 15:22, Marti, Robert a Ãcrit : > > That doesn't seem like SELinux is interfering, it seems like an issue > > contacting the ldap server. If it was an SELinux issue there would be > > avc denials in /var/log/messages and Permissive mode would not block > > anything. > > As I said in my first message : "pam_ldap is correctly configured : I can > perform an authentication on a ssh connection". > > So there is absolutely no problem contacting the LDAP server : I have a user > account with no password and I can open a ssh session on this server using > my LDAP credentials... SELinux is good about one thing - it logs excessive amounts of information when it "interferes" with something. If you don't have any SELinux errors logged in /var/log/messages (or /var/log/audit/audit.log) SELinux isn't interfering, at all. If you're still convinced it's SELinux, disable it and see (requires a reboot). If it magically works, I'd love to see ls -lZ /etc/pam.d/s* and any AVCs in /var/log/messages. > I really think that's a SELinux issue misreporting an LDAP problem... I had the > same problem with a fresh install of RHEL6 and SELinux activated > : I could not make Kerberos/SSH keyts to work. > That sounds like a file labeling issue - not a SELinux one. Again, AVCs would/should help you figure it out. -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
