Description of problem: I was testing out the Spacewalk IPA instructions on a Satellite 5.7 system: https://fedorahosted.org/spacewalk/wiki/SpacewalkAndIPA I ran into some SELinux trouble though. I had the httpd_dbus_sssd Boolean switched to on but I still couldn't login. When I set SELinux to permissive, I could login When I set SELinux back to enforcing, I couldn't login again. I tested out a number of other possible related Booleans and was able to successfully login when I switched the allow_httpd_mod_auth_pam Boolean. Version-Release number of selected component (if applicable): 5.7 How reproducible: Always Steps to Reproduce: 1. Configure Satellite 5.7 to use an IPA Server as per upstream Spacewalk instructions 2. Can't login with SELinux enabled 3. setsebool -P allow_httpd_mod_auth_pam on 4. Login works Actual results: Expected results: Additional info: I spoke with tlestach regarding this issue and he recommended filing a bug. However, it might be just a case of me documenting the need for the allow_httpd_mod_auth_pam Boolean.
Please confirm if this is a code/script change, vs passing it back over to Docs.
It is required to to set allow_httpd_mod_auth_pam on. Change: https://fedorahosted.org/spacewalk/wiki/SpacewalkAndIPA?action=diff&version=16&old_version=15
Moving to 'Documentation' Component.
Note that if https://github.com/spacewalkproject/spacewalk/pull/178 is reviewed, merged, and shipped with Satellite 5.7, the need for a detailed documentation of the setup might go away. The proposed spacewalk-setup-ipa-authentication contains the allow_httpd_mod_auth_pam setsebool.
So the script is now in 5.7. The documentation has been modified to use this script and pushed live. The full procedure is here: http://documentation-devel.engineering.redhat.com/site/documentation/en-US/Red_Hat_Satellite/5.7/html/Installation_Guide/ch06s02.html
The live location is https://access.redhat.com/documentation/en-US/Red_Hat_Satellite/5.7/html/Installation_Guide/ch06s02.html Thank you!