Bug 703379

Summary: Can't register systems with satellite using PAM auth + SELinux Enforcing
Product: Red Hat Satellite 5 Reporter: Jan Pazdziora <jpazdziora>
Component: Docs Release NotesAssignee: Lana Brindley <lbrindle>
Status: CLOSED CURRENTRELEASE QA Contact: ecs-bugs
Severity: medium Docs Contact:
Priority: medium    
Version: 541CC: cperry, jpazdziora, mhideo, mmello, pep, slukasik
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: Satellite 5.3 on RHEL 5.5 x86_64 with SELinux in Enforcing mode when allow_httpd_mod_auth_pam SELinux boolean is not set Consequence: System registration by Satellite users with Kerberos PAM authentication will fail. Workaround: set allow_httpd_mod_auth_pam SELinux boolean to TRUE Result: Users can register systems using Kerberos authentication Running RHN Satellite 5.3 on RHEL 5.5 64 bit systems, with SELinux in Enforcing mode, and without setting the allow_httpd_mod_auth_pam SELinux boolean can lead to system registration with Kerberos PAM authentication to fail. To work around this issue, set the allow_httpd_mod_auth_pam SELinux boolean to TRUE so that users can register systems using Kerberos authentication.
 Story Points: ---
Clone Of: 639110 Environment:
Last Closed: 2011-06-16 22:33:08 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 639110    
Bug Blocks: 677505    

Comment 1 Lana Brindley 2011-06-06 20:58:45 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: Satellite 5.3 on RHEL 5.5 x86_64 with SELinux in Enforcing mode when allow_httpd_mod_auth_pam SELinux boolean is not set

Consequence: System registration by Satellite users with Kerberos PAM authentication will fail.

Workaround: set allow_httpd_mod_auth_pam SELinux boolean to TRUE

Result: Users can register systems using Kerberos authentication
Comment 2 Lana Brindley 2011-06-07 18:21:50 UTC 
    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -4,4 +4,7 @@
 
 Workaround: set allow_httpd_mod_auth_pam SELinux boolean to TRUE
 
-Result: Users can register systems using Kerberos authentication+Result: Users can register systems using Kerberos authentication
+
+
+Running RHN Satellite 5.3 on RHEL 5.5 64 bit systems, with SELinux in Enforcing mode, and without setting the allow_httpd_mod_auth_pam SELinux boolean can lead to system registration with Kerberos PAM authentication to fail. To work around this issue, set the allow_httpd_mod_auth_pam SELinux boolean to TRUE so that users can register systems using Kerberos authentication.
Comment 3 Lana Brindley 2011-06-16 22:33:08 UTC 
5.4.1 Satellite books are now available on docs.redhat.com. Please raise a new
bug for any issues.

LKB