[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: semodule
- From: Stephen Smalley <sds tycho nsa gov>
- To: Vadym Chepkov <chepkov yahoo com>
- Cc: Daniel J Walsh <dwalsh redhat com>, fedora-selinux-list redhat com
- Subject: Re: semodule
- Date: Fri, 05 Jun 2009 11:12:50 -0400
On Fri, 2009-06-05 at 11:09 -0400, Stephen Smalley wrote:
> On Fri, 2009-06-05 at 08:09 -0700, Vadym Chepkov wrote:
> > --- On Fri, 6/5/09, Stephen Smalley <sds tycho nsa gov> wrote:
> >
> > > Found this thread:
> > > http://www.mail-archive.com/samba lists samba org/msg15640.html
> > >
> > > Can you configure winbind with use default domain=yes?
> > >
> >
> > I do have have such setup. Both type of users are affected: local and "winbind"
>
> Can you append "debug" to the arguments to the latter instance of
> pam_selinux.so, e.g.:
> session required pam_selinux.so open env_params debug
>
> And then login again via ssh and look in /var/log/secure?
Hmmm...btw, I notice that order of entries has changed in /etc/pam.d in
F11 from F10, with the:
session include system-auth
line at the end of /etc/pam.d/sshd rather than between the two
pam_selinux instances.
So maybe the problem is that when you upgraded, it didn't replace your
pam config due to your local configuration of winbind, and thus you
didn't get that ordering change.
I know that they reworked the way sshd interacts with pam_selinux.
--
Stephen Smalley
National Security Agency
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]