Re: SELinux + pam_ldap + sudo



sub@xxxxxxx wrote:
On 17/02/2011 15:22, Marti, Robert wrote:
That doesn't seem like SELinux is interfering, it seems like an
issue contacting the ldap server. If it was an SELinux issue there
would be avc denials in /var/log/messages and Permissive mode would
not block anything.

As I said in my first message: "pam_ldap is correctly configured: I
can perform an authentication on a ssh connection".

Um, could it be that ldap is configured correctly for ssh, but not for
something else?
<snip>
I really think that's an SELinux issue misreporting an LDAP problem... I
had the same problem with a fresh install of RHEL6 and SELinux activated:
I could not make Kerberos/SSH keyts to work.

Are there any AVCs related to the LDAP error?

mark
