FC5 LDAP issues

Stephen Smalley sds at tycho.nsa.gov
Thu Mar 30 19:58:35 UTC 2006


On Thu, 2006-03-30 at 13:42 -0600, Jason L Tibbitts III wrote:
> I've noticed that the behavior of my FC5 system differs dramatically
> depending on whether nscd is running.  User info is stored in LDAP,
> and if nscd is running then applications talk to it.  But if it's not
> running then the applications (or libc, at least) talk to the network
> themselves.  This gets denied by selinux and things break.  Most
> notably, the system won't even boot, because dbus just hangs forever
> spewing AVC messages to the console.
> 
> So I wonder if the intention is to make nscd mandatory, or if failures
> due to a lack of nscd are considered problematic.  I have nothing
> against nscd, but I don't generally turn it on until after the system
> boots and has time to pull down configuration information so that
> encrypted ldap works.  Obviously I'll be reworking my installation
> scripts to work around this.

Does 'setsebool -P allow_ypbind=1' help?  Same issue applies for NIS
(w/o nscd), and that boolean is intended to allow necessary network
access.

-- 
Stephen Smalley
National Security Agency
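The state discussed in this thread (NSS lookups going to LDAP, no nscd running, `allow_ypbind` off) can be checked with a short script. This is an added example, not code from either poster; the function names and verdict strings are hypothetical, and it assumes `getsebool` prints `name --> on|off` and that `pidof nscd` is a good enough test for a running nscd.

```shell
#!/bin/sh
# Added example (not from the thread): classify a host by how LDAP-backed
# name lookups will reach the network under SELinux.

# uses_ldap FILE: succeed if passwd/group/shadow in an nsswitch.conf-style
# file list the "ldap" source. Comments are stripped before matching.
uses_ldap() {
    sed 's/#.*//' "$1" 2>/dev/null |
        grep -Eq '^[[:space:]]*(passwd|group|shadow):(.*[[:space:]])?ldap([[:space:]]|$)'
}

# boolean_on LINE: succeed if a getsebool output line reports "on".
# Assumed format: "allow_ypbind --> on".
boolean_on() {
    case "$1" in
        *"--> on"*) return 0 ;;
        *)          return 1 ;;
    esac
}

# assess NSSWITCH_FILE NSCD_RUNNING(yes|no) GETSEBOOL_LINE
# Prints one of:
#   no-ldap             lookups never use LDAP, thread does not apply
#   via-nscd            nscd talks to the directory on behalf of applications
#   direct-boolean-on   applications connect themselves, allow_ypbind is on
#   direct-boolean-off  applications connect themselves, allow_ypbind is off
#                       (the combination that produced the AVC denials)
assess() {
    if ! uses_ldap "$1"; then echo "no-ldap"; return 0; fi
    if [ "$2" = "yes" ]; then echo "via-nscd"; return 0; fi
    if boolean_on "$3"; then echo "direct-boolean-on"; return 0; fi
    echo "direct-boolean-off"
}

# assess_host: gather the three inputs from the live system.
assess_host() {
    running=no
    if pidof nscd >/dev/null 2>&1; then running=yes; fi
    assess /etc/nsswitch.conf "$running" "$(getsebool allow_ypbind 2>/dev/null)"
}

# Run against the local machine only when asked to.
if [ "${1:-}" = "--host" ]; then
    assess_host
fi
```

Running it with `--host` early in boot, before nscd is started, shows whether an install script needs to set the boolean first.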



