[OpenAFS] pam

Simon Wilkinson sxw@inf.ed.ac.uk
Thu, 5 Apr 2007 17:11:34 +0100 (BST)

On Thu, 5 Apr 2007, Alan Hoyle wrote:
>> Have you got SELinux running in enforcing mode?
> SELinux is installed and is apparently in enforcing mode.  It's
> apparently in "targeted" mode as well.
> Should I change this configuration?

In theory not, as SELinux provides you with additional safety and security 
benefits. In practice, it's often easier to disable it than to get 
everything to work correctly with it. Your mileage may vary ...

The error you're seeing is generally caused by the PAM module not being
correctly labelled - you should be able to fix it by doing

chcon -t textrel_shlib_t /lib/security/pam_afs.krb.so

If this doesn't solve it, then there may be some avc: denied messages in
/var/log/messages which give further clues as to the problem.

Out of interest - is this PAM module locally built, or from a distributed