[Spacewalk-list] CentOS 7.4 + Spacewalk 2.6: PAM fails because of SELinux
Olli Rajala
olli.rajala at ravoltek.net
Wed Jan 3 13:55:54 UTC 2018
On Wed, Jan 3, 2018 at 2:35 PM, Olli Rajala <olli.rajala at ravoltek.net>
wrote:
> Hi Michael,
>
> Hello Olli,
>
>>
>> This issue has been already fixed in Spacewalk 2.7 (together with number
>> of other tomcat_t issues). Is there a specific reason why you are
>> usingolder (and unsupported) version?
>>
>>
> Oh, thanks for info! There is no reason, I had actually missed that 2.7
> was released. So, maybe I'll just test and report back how it went.
>
>
SELinux issue seem to be resolved, it's not causing anymore any audit
things to /var/log/audit/audit.log, but still PAM is not working.
My config is based on this howto:
https://access.redhat.com/documentation/en-us/red_hat_network_satellite/5.3/html/installation_guide/s1-maintenance-pam-auth
/var/log/messages says:
Jan 3 15:36:58 java: pam_krb5[18217]: error reading keytab
'FILE:/etc/krb5.keytab'
Jan 3 15:36:58 java: pam_krb5[18217]: TGT verified
Jan 3 15:36:58 java: pam_krb5[18217]: authentication succeeds for
'<account>' (<account>@domain.invalid)
But login via Webui says "Either the password or username is incorrect."
This account has 'Use PAM' enabled in Spacewalk webui -> Users and has
Organization Administrator -role in use.
Upgrade from 2.6 -> 2.7 went fine without errors. This is Centos 7 server.
Any ideas what else to check? The working 2.6 installation in Centos 6
causes also that same keytab error line to /var/log/messages so I suppose
it doesn't matter.
BR,
--
Olli Rajala
Vaasa, Finland
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20180103/2bc57e95/attachment.htm>
More information about the Spacewalk-list
mailing list