[Spacewalk-list] PAM winbind support
Brown, Rodrick
rbrown at knight.com
Wed May 2 15:21:53 UTC 2012
The problem was something very silly it seems
In my /etc/rhn/rhn.conf I had the following entry
pam_auth_service = rhn-satellite
However my pam file was called /etc/pam.d/rhn_satellite
It would be nice if rhn was able to throw an exception if it can't read the pam file.
After change the file name to rhn_satellite everything worked fine.
From: spacewalk-list-bounces at redhat.com [mailto:spacewalk-list-bounces at redhat.com] On Behalf Of Paul Robert Marino
Sent: Tuesday, May 01, 2012 6:09 PM
To: spacewalk-list at redhat.com
Subject: Re: [Spacewalk-list] PAM winbind support
Or it could be selinux you may want to check your audit log.
And just incase you are not familiar with selinux the audit2allow tool along with the fixfiles tool are really simple
On May 1, 2012 5:42 PM, "Parsons, Aron" <parsonsa at bit-sys.com<mailto:parsonsa at bit-sys.com>> wrote:
It should still work fine; the 1.7 upgrade didn't break the two servers I have using winbind. Remember that the process doing the PAM conversation is non-root unlike most other PAM-enabled services, so it may just be a simple permissions issue. The likely culprit is the system keytab if you have Kerberos enabled.
/aron
-----Original Message-----
Message: 1
Date: Tue, 1 May 2012 13:46:31 -0400
From: "Brown, Rodrick" <rbrown at knight.com<mailto:rbrown at knight.com>>
To: "spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>" <spacewalk-list at redhat.com<mailto:spacewalk-list at redhat.com>>
Subject: [Spacewalk-list] PAM winbind support
Message-ID:
<C9C3C7FC93B40A4DA409F4B1ACB610991DBDFDEE7C at EXCHANGE10.global.knight.com<mailto:C9C3C7FC93B40A4DA409F4B1ACB610991DBDFDEE7C at EXCHANGE10.global.knight.com>>
Content-Type: text/plain; charset="us-ascii"
Does spacewalk 1.7 still support PAM w/winbind ?
After doing an upgrade to 1.7 I'm getting the following error in my tomcat logs
2012-05-01 13:39:07,267 [TP-Processor2] WARN com.redhat.rhn.domain.user.legacy.UserImpl - PAM login for user User XXXXX (id 25, org_id 1) failed with error Authentication failure.
I'm no longer able to login via spacewalk web with my PAM winbind setup.
If I disable PAM authentication works fine.
--RB
_______________________________________________
Spacewalk-list mailing list
Spacewalk-list at redhat.com<mailto:Spacewalk-list at redhat.com>
https://www.redhat.com/mailman/listinfo/spacewalk-list
Please visit our website for important disclaimers/disclosures regarding Knight's products and services:
http://knight.com/KnightEmailDisclaimer.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20120502/c9277695/attachment.htm>
More information about the Spacewalk-list
mailing list