Gets 'incorrect password'. Error is: pam_krb5: authentication fails for 'root' (root): Authentication failure (Cannot resolve network address for KDC in requested realm) Why would enforcing mode cause it to look up root in kerberos? Expected results: Additional info:
What versions of anything? Clean install?
Clean install of yesterday, upgraded to 1.8-5. coreutils-5.2.0-8. Still happens.
Seems to be a krb5 thing. Doesn't happen without it configured.
[notting@apone: ~]$ cat /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required /lib/security/$ISA/pam_env.so auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth sufficient /lib/security/$ISA/pam_krb5.so use_first_pass auth required /lib/security/$ISA/pam_deny.so account required /lib/security/$ISA/pam_unix.so account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/$ISA/pam_krb5.so password requisite /lib/security/$ISA/pam_cracklib.so retry=3 type= password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow password sufficient /lib/security/$ISA/pam_krb5.so use_authtok password required /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session optional /lib/security/$ISA/pam_krb5.so
Any avc messages?
Only the gconv-modules ones.
Aha. In permissive mode: {read} exe=/bin/su name=krb5.conf scontext=:user_u:user_r:user_su_t tcontext=system_u:object_r:krb5_conf_t
Fixed in policy-1.9-15