Description of problem: I have installed RHEL5 on a test system, and am authenticating users that are stored in an LDAP database via Kerberos. Local accounts (such as root) can login without a problem. Accounts stored in the LDAP/Kerberos database are having trouble. They can occassionally login fine. More often than not, once they hit a bash prompt, they are immediately kicked back to the login prompt. It's like bash is crashing. Regardless of whether they can successfully get to a bash prompt or not, I see the following errors in my /var/log/secure file: May 15 15:57:00 localhost login: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost= user=testuser May 15 15:57:00 localhost login: pam_krb5[3659]: authentication succeeds for 'testuser' ( testuser@KRBDOMAIN) May 15 15:57:00 localhost login: pam_unix(login:session): session opened for user testuser by LOGIN(uid=0) May 15 15:57:00 localhost login: pam_selinux(login:session): Warning! Could not get new context for /dev/tty1, not relabeling: Invalid argument May 15 15:57:00 localhost login: pam_selinux(login:session): usercon=(null), prev_context=system_u:object_r:tty_device_t May 15 15:57:00 localhost login: LOGIN ON tty1 BY testuser May 15 15:57:00 rheltest login: pam_unix(login:session): session closed for user testuser I have put selinux into permissive mode, and still get the same log entries and the same symptoms. I suspect this is a PAM/Kerberos issue more than an selinux issue. Thoughts? Is there a bug with pam_krb5, or is there something else that could be causing this behavior? It's especially bizarre that the behavior is unpredictable. Thanks Norman
To further test this, I've taken LDAP out of the loop. A local user who is authenticated via Kerberos is immediately kicked back to the login prompt about 50% of the time. A local user with a local password does not have any problems.
If this is a support issue on RHEL, please contact support at: https://www.redhat.com/support/process/production Bugzilla is not a customer support vehicle.