Red Hat Bugzilla – Bug 220652
LSPP - Role selection at login fails w/ "not a valid security context"
Last modified: 2009-06-19 06:52:20 EDT
Description of problem:
Trying to select a specific role at login time in RHEL5 Beta2 12/18 refresh
fails. After selecting the desired role the system goes back to the role
selection dialog with the error "Not a valid security context."
Logging-in with default role and then newrole'ing to the desired role works fine
which means the security context is valid indeed.
The MLS level selection is working fine.
Tested in RHEL5 Beta2 Server 12/18 refresh installed with the LSPP kickstart
Version-Release number of selected component (if applicable):
Linux ct.ltc.ic.unicamp.br 2.6.18-1.2840.2.1.el5.lspp.57 #1 SMP Fri Dec 8
17:28:15 EST 2006 i686 i686 i386 GNU/Linux
Steps to Reproduce:
In a local console do the following:
1. login: root
2. password: *********
3. Would you like to enter a role/level [y]? y
4. role: secadm_r
5. level: SystemLow-SystemHigh
"Not a valid security context." error message is shown and system goes back to
the prompt seen in line 3.
Should login with specified role/level.
Pressing carriage return at "role" prompt and changing only the MLS level works
fine. I can login as sysadm_r:sysadm_t:Secret-SystemHigh for instance.
Fixed in pam-0.99.6.2-3.9.el5
Available on http://people.redhat.com/dwalsh/RHEL5
It seems that now the role selection works better but not 100%.
Now I can select a role but if I say "N" to the dialog in step 3 (Would you like
to enter...) I get an authentication failure message and then I get back to the
prompt. I also got some "random" messages of this kind when trying to enter a
role, I say "random" because doing the same procedure again worked, then after
some tries it didn't.
As I have updated an existing system with the new packages rather then
installing a new one from scratch I'm not sure if the results could have been
masked by some other issue. I'm going to setup a new system and do that tests
again and update this bug.
Pushing this back to Assigned to get some clarification on comment 5.
I've updated the test machine I mentioned in comment #5 with the even newer
pam-0.99.6.2-3.10.el5. I've also reinstalled another test machine from scratch
and asked the kickstart to install the new pam packages itself during the
In both cases I could confirm that the roles (and levels) selection is working
as expected. Thanks!
Moving to Verified.
Created attachment 144867 [details]
The latest version of the select_context patch
Does the patch in comment 9 need to be incorporated into the RHEL5 builds?
The patch is already there.
pam-0.99.6.2-3.13.el5 included in 20070111.1 and 20070112.3 trees.