http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=492024

I've just filed the above bug report because using the user/role syntax of logging in to an ssh server causes the authorized_keys file to be ignored.

I believe that the current functionality in this regard is broken, but I am not certain that merely using the authorized_keys file in all situations is correct.

I think that it might be worth implementing a check similar to the check made when running a cron job. So if user_home_ssh_t is not an entry-point for the sysadm_t domain then a key in a file of that type would not be usable to authenticate such a session.

What do you think?

--
russell@xxxxxxxxxxxx
http://etbe.coker.com.au/ My Blog
http://www.coker.com.au/sponsorship.html Sponsoring Free Software development