Caveat: Broken pam, also latest dev pgks: strict/enforcing boot hangs....

selinux at comcast.net selinux at comcast.net
Fri Jul 30 16:36:59 UTC 2004


Stephen,

Thanks for this update.

Installing the new pam also fixed my booting problem,
where booting was hanging during/after starting cyrus.
(Thanks also to Dan for working on this with me).

tom

---------------------------------------------------------------------------
    * From: Stephen Smalley <sds epoch ncsc mil>
    * Date: Fri, 30 Jul 2004 08:10:54 -0400

Just as a warning, the pam package in rawhide is broken for SELinux;
non-root logins will fail under console login, gdm, or ssh when in
enforcing mode.  I think that this is due to a bug in pam_unix related
to execution of the chkpwd helper program.  In permissive mode, pam_unix
doesn't need to run the helper program, as it can directly read
/etc/shadow itself.  Fixed pam is available from Dan's site
ftp://people.redhat.com/dwalsh/SELinux/Fedora.

-- 
Stephen Smalley <sds epoch ncsc mil>
National Security Agency




More information about the selinux mailing list