On 02/22/2010 10:31 AM, Alan Rouse wrote:
Justin wrote:
Anyways /etc/pam.d/ has login,gdm,xdm,and sshd.
(and maybe a couple of others)
that need to have pam_selinux.so in them in order to get the user in the right context.
What exactly should I put in those files? Literally just a new line "pam_selinux.so" at the end of the existing file? Or are there other parms on the line?
I modified them as this:
/etc/pam.d/*
cat login
#%PAM-1.0
auth requisite pam_nologin.so
auth [user_unknown=ignore success=ok ignore=ignore auth_err=die
default=bad] pam_securetty.so
auth include common-auth
account include common-account
password include common-password
session required pam_selinux.so close
session required pam_loginuid.so
session include common-session
session required pam_selinux.so open
session required pam_lastlog.so nowtmp
session optional pam_mail.so standard
session optional pam_ck_connector.so
cat gdm
#%PAM-1.0
auth include common-auth
account include common-account
password include common-password
session required pam_selinux.so close
session required pam_loginuid.so
session include common-session
session required pam_selinux.so open
cat xdm
#%PAM-1.0
auth include common-auth
account include common-account
password include common-password
session required pam_selinux.so close
session required pam_loginuid.so
session include common-session
session required pam_selinux.so open
if your going todo any ssh with the policy
in enforcing mode then modify sshd as well
so youu can login correctly.
(off to grab the right info for stephen about /sbin/init).
Jutin P. mattock
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
