On Sun, 2008-11-30 at 10:58 -0600, Xavier Toth wrote:
> On Sat, Nov 29, 2008 at 7:25 PM, Justin P. Mattock
> <justinmattock@xxxxxxxxx> wrote:
> > Hello;
> > after loading the latest policycoreutils
> > I'm experiencing a bit of difficulties trying
> > to understand how to set:
> > /etc/selinux/newrole_pam.conf
> > (what do I put in there?)
> > I have: /usr/bin/aterm /etc/pam.d/test
> > in there, and in
> > /etc/pam.d/test I have:
> > auth required /lib/security/pam_unix.so
> >
> > but, unfortunately receive a no password error
> > when wanting to change roles.
> >
> > after looking at auth.log I see a:
> > newrole: PAM _pam_load_conf_file: unable to open /etc/pam.d/system-auth
> >
> > If I make: /etc/pam.d/system-auth
> > newrole will work perfectly until
> > I go and write the allow rules,
> > and put the policy into enforcing mode.
> >
> > What or where do I find the info on what
> > to put in /etc/selinux/newrole_pam.conf
> > and so forth to have this new way
> > for newrole work?
> >
> > regards;
> >
> > --
> > Justin P. Mattock <justinmattock@xxxxxxxxx>
> >
> >
> > --
> > This message was distributed to subscribers of the selinux mailing list.
> > If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
> > the words "unsubscribe selinux" without quotes as the message.
> >
>
> man newrole
>
> newrole_pam.conf contains mappings of applications to pam
> configuration files to be used. Each line contains the executable file
> name followed by the name of a pam config file that exists in
> /etc/pam.d.

Thanks for the help with this.
(I'll have a look in the manual).
What about setting pam_namespace
i.g. does this have to be set correctly
to acquire the right capability, or
does it not matter if you have namespace
or not?

regards;

--
Justin P. Mattock <justinmattock@xxxxxxxxx>
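
A way to check a newrole_pam.conf against the format described in the reply above (an added example, not part of the original thread and not code from policycoreutils). The function names, the treatment of blank and `#` lines, and the sample pam.d files built in `demo()` are assumptions made for illustration; the check also follows `include`, `substack` and `@include` lines so that a missing file such as the system-auth one in the quoted log is reported before newrole is run.

```python
import os
import tempfile

def missing_pam_files(service, pam_dir, seen=None):
    """Return PAM files that `service` or its include chain needs but that are absent."""
    seen = set() if seen is None else seen
    path = os.path.join(pam_dir, service)
    if path in seen:                      # guard against include loops
        return []
    seen.add(path)
    if not os.path.isfile(path):
        return [path]
    missing = []
    with open(path) as fh:
        for raw in fh:
            tok = raw.split("#", 1)[0].split()
            if len(tok) >= 2 and tok[0] == "@include":                 # Debian-style include
                missing += missing_pam_files(tok[1], pam_dir, seen)
            elif len(tok) >= 3 and tok[1] in ("include", "substack"):  # type control file
                missing += missing_pam_files(tok[2], pam_dir, seen)
    return missing

def check_newrole_pam(conf_text, pam_dir="/etc/pam.d"):
    """Return (line_no, message) findings for the text of newrole_pam.conf."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split()
        if not fields or fields[0].startswith("#"):   # assumption: blanks/comments skipped
            continue
        if len(fields) != 2:
            findings.append((no, "expected: <executable> <pam config name>"))
        elif "/" in fields[1]:
            findings.append((no, f"{fields[1]}: use a file name under {pam_dir}, not a path"))
        else:
            findings += [(no, f"cannot open {p}") for p in missing_pam_files(fields[1], pam_dir)]
    return findings

def demo():
    """Run the check against a constructed pam.d directory and constructed mappings."""
    with tempfile.TemporaryDirectory() as pam_dir:
        for name, body in {"test": "auth required pam_unix.so\n",
                           "newrole": "auth include system-auth\n"}.items():
            with open(os.path.join(pam_dir, name), "w") as fh:
                fh.write(body)
        conf = "/usr/bin/aterm /etc/pam.d/test\n/usr/bin/aterm test\n/usr/bin/xterm newrole\n"
        return [(no, msg.replace(pam_dir, "PAMDIR")) for no, msg in check_newrole_pam(conf, pam_dir)]

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real system, pass the contents of /etc/selinux/newrole_pam.conf to `check_newrole_pam` and leave `pam_dir` at its default.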