[Spacewalk-list] CentOS 7.4 + Spacewalk 2.6: PAM fails because of SELinux
Michael Mraka
michael.mraka at redhat.com
Thu Jan 4 09:26:26 UTC 2018
Olli Rajala:
> > Hi Michael,
> >
> > Hello Olli,
> >
> >> This issue has been already fixed in Spacewalk 2.7 (together with number
> >> of other tomcat_t issues). Is there a specific reason why you are
> >> usingolder (and unsupported) version?
> >>
> >>
> > Oh, thanks for info! There is no reason, I had actually missed that 2.7
> > was released. So, maybe I'll just test and report back how it went.
> >
> >
> SELinux issue seem to be resolved, it's not causing anymore any audit
> things to /var/log/audit/audit.log, but still PAM is not working.
>
> My config is based on this howto:
> https://access.redhat.com/documentation/en-us/red_hat_network_satellite/5.3/html/installation_guide/s1-maintenance-pam-auth
Please check newer documentation at
https://access.redhat.com/documentation/en-us/red_hat_satellite/5.8/html/installation_guide/chap-authentication#Implementing_PAM_Authentication
> /var/log/messages says:
>
> Jan 3 15:36:58 java: pam_krb5[18217]: error reading keytab
> 'FILE:/etc/krb5.keytab'
> Jan 3 15:36:58 java: pam_krb5[18217]: TGT verified
> Jan 3 15:36:58 java: pam_krb5[18217]: authentication succeeds for
> '<account>' (<account>@domain.invalid)
>
> But login via Webui says "Either the password or username is incorrect."
>
> This account has 'Use PAM' enabled in Spacewalk webui -> Users and has
> Organization Administrator -role in use.
>
> Upgrade from 2.6 -> 2.7 went fine without errors. This is Centos 7 server.
>
> Any ideas what else to check? The working 2.6 installation in Centos 6
> causes also that same keytab error line to /var/log/messages so I suppose
> it doesn't matter.
What kind of authentication is behind your PAM? Is it LDAP?
Regards,
--
Michael Mráka
System Management Engineering, Red Hat
More information about the Spacewalk-list
mailing list