SELinux preventing login (Fedora 16)
Braden McDaniel
braden at endoframe.com
Sat Apr 14 01:35:34 UTC 2012
On Fri, 2012-04-13 at 10:31 -0400, Daniel J Walsh wrote:
> On 04/13/2012 01:06 AM, Braden McDaniel wrote:
> > On Thu, 2012-04-12 at 22:55 -0400, Daniel J Walsh wrote:
[snip]
> >> Anyways do you still believe you are having SELinux issues?
> >
> > Since I haven't seen any more alerts, I don't think I am. If you are
> > sufficiently curious, I can unset authlogin_nsswitch_use_ldap and see what
> > happens.
>
> Basically in Fedora 16 we turned off the ability for apps that did getpw()
> from being able to connect to the ldap port, by default. Turning that boolean
> on, allows all domains that call getpw to connect to the ldap port. We turned
> this off because sssd now connects to ldap if it is setup and apps calling
> getpw talk to sssd rather then ldap. We have seen some daemons (samba) that
> talk directly that we have broken with this change, but I believe the fixes
> are going into Fedora now.
Well, I turned off authconfig_nsswitch_use_ldap; and I'm still not
seeing any alerts. Perhaps the alert I saw that recommended this was
one leftover from before the last relabel I did.
--
Braden McDaniel <braden at endoframe.com>
More information about the users
mailing list