703379 – Can't register systems with satellite using PAM auth + SELinux Enforcing

Bug 703379 - Can't register systems with satellite using PAM auth + SELinux Enforcing

Summary: Can't register systems with satellite using PAM auth + SELinux Enforcing

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Satellite 5
Classification:	Red Hat
Component:	Docs Release Notes
Sub Component:
Version:	541
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Lana Brindley
QA Contact:	ecs-bugs
Docs Contact:
URL:
Whiteboard:
Depends On:	639110
Blocks:	sat541-docs
TreeView+	depends on / blocked

Reported:	2011-05-10 08:32 UTC by Jan Pazdziora
Modified:	2013-10-23 23:22 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: Satellite 5.3 on RHEL 5.5 x86_64 with SELinux in Enforcing mode when allow_httpd_mod_auth_pam SELinux boolean is not set Consequence: System registration by Satellite users with Kerberos PAM authentication will fail. Workaround: set allow_httpd_mod_auth_pam SELinux boolean to TRUE Result: Users can register systems using Kerberos authentication Running RHN Satellite 5.3 on RHEL 5.5 64 bit systems, with SELinux in Enforcing mode, and without setting the allow_httpd_mod_auth_pam SELinux boolean can lead to system registration with Kerberos PAM authentication to fail. To work around this issue, set the allow_httpd_mod_auth_pam SELinux boolean to TRUE so that users can register systems using Kerberos authentication.
Clone Of:	639110
Environment:
Last Closed:	2011-06-16 22:33:08 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Comment 1 Lana Brindley 2011-06-06 20:58:45 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: Satellite 5.3 on RHEL 5.5 x86_64 with SELinux in Enforcing mode when allow_httpd_mod_auth_pam SELinux boolean is not set

Consequence: System registration by Satellite users with Kerberos PAM authentication will fail.

Workaround: set allow_httpd_mod_auth_pam SELinux boolean to TRUE

Result: Users can register systems using Kerberos authentication

Comment 2 Lana Brindley 2011-06-07 18:21:50 UTC

    Technical note updated. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    Diffed Contents:
@@ -4,4 +4,7 @@
 
 Workaround: set allow_httpd_mod_auth_pam SELinux boolean to TRUE
 
-Result: Users can register systems using Kerberos authentication+Result: Users can register systems using Kerberos authentication
+
+
+Running RHN Satellite 5.3 on RHEL 5.5 64 bit systems, with SELinux in Enforcing mode, and without setting the allow_httpd_mod_auth_pam SELinux boolean can lead to system registration with Kerberos PAM authentication to fail. To work around this issue, set the allow_httpd_mod_auth_pam SELinux boolean to TRUE so that users can register systems using Kerberos authentication.

Comment 3 Lana Brindley 2011-06-16 22:33:08 UTC

5.4.1 Satellite books are now available on docs.redhat.com. Please raise a new
bug for any issues.

LKB

Note You need to log in before you can comment on or make changes to this bug.