[OpenAFS] pam
Simon Wilkinson
sxw@inf.ed.ac.uk
Thu, 5 Apr 2007 17:11:34 +0100 (BST)
On Thu, 5 Apr 2007, Alan Hoyle wrote:
>> Have you got SELinux running in enforcing mode?
>
> SELinux is installed and is apparently in enforcing mode. It's
> apparently in "targeted" mode as well.
>
> Should I change this configuration?
In theory not, as SELinux provides you with additional safety and security
benefits. In practice, it's often easier to disable it than to get
everything to work correctly with it. Your mileage may vary ...
The error you're seeing is generally caused by the PAM module not being
correctly labelled - you should be able to fix it by doing
chcon -t textrel_shlib_t /lib/security/pam_afs.krb.so
If this doesn't solve it, then there may be some avc: denied messages in
/var/log/messages which give further clues as to the problem.
Out of interest - is this PAM module locally built, or from a distributed
package?
Simon.