<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">Michael Mraka <span dir="ltr"><<a href="mailto:michael.mraka@redhat.com" target="_blank">michael.mraka@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Please check newer documentation at<br>
<a href="https://access.redhat.com/documentation/en-us/red_hat_satellite/5.8/html/installation_guide/chap-authentication#Implementing_PAM_Authentication" rel="noreferrer" target="_blank">https://access.redhat.com/<wbr>documentation/en-us/red_hat_<wbr>satellite/5.8/html/<wbr>installation_guide/chap-<wbr>authentication#Implementing_<wbr>PAM_Authentication</a></blockquote><div><br></div><div>Thanks for info, there were two things missing, but fixing those didn't help.</div><div><br></div><div>- Installed pam-devel -package</div><div>- Ran "$ setsebool -P allow_httpd_mod_auth_pam 1". Not sure if this was already on, because getsebool -a doesn't show that.<br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<span class="gmail-"><br>
> Any ideas what else to check? The working 2.6 installation in Centos 6<br>
> causes also that same keytab error line to /var/log/messages so I suppose<br>
> it doesn't matter.<br>
<br>
</span>What kind of authentication is behind your PAM? Is it LDAP?<br></blockquote></div></div><div class="gmail_extra"><br></div><div class="gmail_extra">ActiveDirectory/kerberos, so /etc/pam.d/rhn-satellite is based on the Kerberos version.</div><div class="gmail_extra"><br></div><div class="gmail_extra">I had missed yesterday that /var/log/messages has also something related to this issue. <br></div><div class="gmail_extra"><br></div><div class="gmail_extra">Jan  4 11:50:55 server: 2018-01-04 11:50:55,761 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-6] WARN  com.redhat.rhn.domain.user.legacy.UserImpl - PAM login for user User <user> (id <id>, org_id <org_id>) failed with error System error.<br>Jan  4 11:50:57 server: 2018-01-04 11:50:57,762 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-6] INFO  com.redhat.rhn.frontend.action.LoginAction - LOCAL AUTH FAILURE: <user><br></div><div class="gmail_extra"><br></div><div class="gmail_extra">The success message was actually in /var/log/secure so it seems that PAM itself is satisfied but there is some issue between PAM and Spacewalk.<br></div><div class="gmail_extra"></div><div class="gmail_extra"><span class="gmail-im"><br></span><span class="gmail-im">Jan  4 11:50:55 java: pam_krb5[18217]: error reading keytab<br>'FILE:/etc/krb5.keytab'<br></span><span class="gmail-im">Jan  4 11:50:55 java: pam_krb5[18217]: TGT verified<br></span><span class="gmail-im">Jan  4 11:50:55 java: pam_krb5[18217]: authentication succeeds for<br>'<account>' (<account>@domain.invalid)</span></div><div class="gmail_extra"><br></div><div class="gmail_extra">BR,<br></div><div class="gmail_extra">-- <br><div class="gmail_signature">Olli Rajala<br>Finland<br><br></div>
</div></div>