RE: SELinux + pam_ldap + sudo


 



> On 17/02/2011 15:22, Marti, Robert wrote:
> > That doesn't seem like SELinux is interfering, it seems like an issue
> > contacting the ldap server. If it was an SELinux issue there would be
> > avc denials in /var/log/messages and Permissive mode would not block
> > anything.
> 
> As I said in my first message : "pam_ldap is correctly configured : I can
> perform an authentication on a ssh connection".
> 
> So there is absolutely no problem contacting the LDAP server : I have a user
> account with no password and I can open a ssh session on this server using
> my LDAP credentials...

SELinux is good about one thing - it logs excessive amounts of information when it "interferes" with something.
If you don't have any SELinux errors logged in /var/log/messages (or /var/log/audit/audit.log) SELinux isn't interfering, at all.
If you're still convinced it's SELinux, disable it and see (requires a reboot).  If it magically works, I'd love to see ls -lZ /etc/pam.d/s* and any AVCs in /var/log/messages.
 
> I really think that's a SELinux issue misreporting an LDAP problem... I had the
> same problem with a fresh install of RHEL6 and SELinux activated
> : I could not make Kerberos/SSH keyts to work.
> 

That sounds like a file labeling issue - not a SELinux one.  Again, AVCs would/should help you figure it out.

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
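
The check suggested in the reply above (look for AVC denials tied to the failing command in /var/log/audit/audit.log or /var/log/messages), as an added example that is not part of the original message. The function names `sample_log` and `avc_summary` are hypothetical, and the log lines are constructed for illustration, not taken from the poster's system.

```shell
#!/bin/sh
# Constructed sample input: two audit.log-style AVC records, one
# /var/log/messages (kernel) style record, one sshd denial and one
# unrelated syslog line. None of these come from the thread.
sample_log() {
cat <<'EOF'
type=AVC msg=audit(1297952520.101:201): avc:  denied  { name_connect } for  pid=2345 comm="sudo" dest=389 scontext=staff_u:staff_r:staff_sudo_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1297952533.412:202): avc:  denied  { name_connect } for  pid=2361 comm="sudo" dest=389 scontext=staff_u:staff_r:staff_sudo_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
Feb 17 15:22:41 host1 kernel: type=1400 audit(1297952561.300:203): avc:  denied  { name_connect } for  pid=2400 comm="sudo" dest=389 scontext=staff_u:staff_r:staff_sudo_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1297952570.007:204): avc:  denied  { read } for  pid=2100 comm="sshd" name="krb5.keytab" dev=dm-0 ino=1311 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
Feb 17 15:20:01 host1 sshd[2100]: Accepted password for alice from 192.0.2.10 port 50222 ssh2
EOF
}

# avc_summary [COMM] < logfile
# Prints "count comm scontext -> tcontext tclass {perms}" for every
# distinct denial, optionally limited to one command name.
avc_summary() {
    awk -v want="$1" '
    /avc:/ && /denied/ {
        comm = perms = sctx = tctx = tclass = ""
        # The denied permissions sit between the braces.
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/) { comm = substr($i, 6); gsub(/"/, "", comm) }
            if ($i ~ /^scontext=/) sctx = substr($i, 10)
            if ($i ~ /^tcontext=/) tctx = substr($i, 10)
            if ($i ~ /^tclass=/)   tclass = substr($i, 8)
        }
        if (want != "" && comm != want) next
        count[comm " " sctx " -> " tctx " " tclass " {" perms "}"]++
    }
    END { for (k in count) print count[k], k }
    ' | sort
}

# Demo on the constructed sample: denials logged for sudo only.
sample_log | avc_summary sudo
```

On a real host the same function would be fed the log directly, for example `avc_summary sudo < /var/log/audit/audit.log`, and an empty result means no denial was logged for that command.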


