Re: SELinux preventing login (Fedora 16)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

On 04/13/2012 01:06 AM, Braden McDaniel wrote:
> On Thu, 2012-04-12 at 22:55 -0400, Daniel J Walsh wrote:
>> On 04/12/2012 08:47 PM, Braden McDaniel wrote:
> 
> [snip]
> 
>>> I am using Kerberos for authentication; but I'm using LDAP for user 
>>> information.
>>> 
>>> (Though I get the impression that login is currently falling back to
>>> local authentication; because I don't have a Kerberos ticket after I
>>> log in.)
>>> 
>> But you are not use sssd for this.
> 
> I am under the impression that I am using sssd.
> 
>> Anyways do you still believe you are having SELinux issues?
> 
> Since I haven't seen any more alerts, I don't think I am.  If you are 
> sufficiently curious, I can unset authlogin_nsswitch_use_ldap and see what
> happens.
> 


Basically in Fedora 16 we turned off the ability for apps that did getpw()
from being able to connect to the ldap port, by default.  Turning that boolean
on, allows all domains that call getpw to connect to the ldap port.  We turned
this off because sssd now connects to ldap if it is setup and apps calling
getpw talk to sssd rather then ldap.  We have seen some daemons (samba) that
talk directly that we have broken with this change, but I believe the fixes
are going into Fedora now.

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org



Photo 4 Less

[Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Find Someone Special]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

Add to Google Powered by Linux