First Last Prev Next    This bug is not in your last search results.
Bug 470793 - Add --with-libpam (and --with-ldap?) to racoon configure options in spec file
Add --with-libpam (and --with-ldap?) to racoon configure options in spec file
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: ipsec-tools (Show other bugs)
10
All Linux
medium Severity low
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-11-10 05:34 EST by Pekka Pietikäinen
Modified: 2009-08-19 12:52 EDT (History)
1 user (show)

See Also:
Fixed In Version: ipsec-tools-0.7.3-2.fc12
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-08-19 12:52:23 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Pekka Pietikäinen 2008-11-10 05:34:43 EST 
Description of problem:

Currently it is only possible to create ipsec tunnels that are authenticated against passwd/shadow files, if PAM was included too then the users could be on a LDAP server too. There's a --with-ldap and --with-radius) too, but PAM should cover those, right?
Comment 1 Tomas Mraz 2008-11-10 05:45:57 EST 
Could you try to rebuild the src.rpm with these options enabled and test whether it works (preferably with SELinux enforcing)?
Comment 2 Pekka Pietikäinen 2008-11-13 17:48:33 EST 
Works with permissive but not enforcing:

type=1400 audit(1226603307.249:71): avc:  denied  { read } for
               pid=6964 comm="unix_chkpwd" name="resolv.conf" dev=sda3
               ino=762137 scontext=system_u:system_r:racoon_t:s0
               tcontext=system_u:object_r:net_conf_t:s0 tclass=file

type=1400 audit(1226588980.506:52): avc:  denied  { read } for  
               pid=6574 comm="unix_chkpwd" name="shadow" dev=sda3 ino=761329 
               scontext=system_u:system_r:racoon_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file

Will look at it more next week...
Comment 3 Bug Zapper 2008-11-26 00:06:52 EST 
This bug appears to have been reported against 'rawhide' during the Fedora 10 development cycle.
Changing version to '10'.

More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 4 Tomas Mraz 2009-08-19 12:52:23 EDT 
Enabled in rawhide. It will probably need some selinux policy adjustments though.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.