This got caught in the automation runs(Using /usr/kerberos/bin/rlogin client in the automation run). I guess, this will apply for all the clients mentioned in bug 501107, comment 4 Summary: SELinux is preventing the klogind from using potentially mislabeled files (./.k5login). Detailed Description: SELinux has denied klogind access to potentially mislabeled file(s) (./.k5login). This means that SELinux will not allow klogind to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access. Allowing Access: If you want klogind to access this files, you need to relabel them using restorecon -v './.k5login'. You might want to relabel the entire directory using restorecon -R -v '.'. Additional Information: Source Context root:system_r:rlogind_t:SystemLow-SystemHigh Target Context user_u:object_r:krb5_home_t Target Objects ./.k5login [ file ] Source klogind Source Path /usr/kerberos/sbin/klogind Port <Unknown> Host jetfire.lab.eng.pnq.redhat.com Source RPM Packages krb5-workstation-1.6.1-62.el5 Target RPM Packages Policy RPM selinux-policy-2.4.6-315.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name home_tmp_bad_labels Host Name jetfire.lab.eng.pnq.redhat.com Platform Linux jetfire.lab.eng.pnq.redhat.com 2.6.18-269.el5 #1 SMP Tue Jun 21 16:22:46 EDT 2011 x86_64 x86_64 Alert Count 2 First Seen Thu Jun 23 23:58:21 2011 Last Seen Fri Jun 24 00:00:03 2011 Local ID 3b9d9f6f-0c8e-4c87-b90e-f710db0cdbce Line Numbers Raw Audit Messages host=jetfire.lab.eng.pnq.redhat.com type=AVC msg=audit(1308853803.517:163): avc: denied { read } for pid=3923 comm="klogind" name=".k5login" dev=dm-0 ino=550589 scontext=root:system_r:rlogind_t:s0-s0:c0.c1023 tcontext=user_u:object_r:krb5_home_t:s0 tclass=file host=jetfire.lab.eng.pnq.redhat.com type=SYSCALL msg=audit(1308853803.517:163): arch=c000003e syscall=2 success=no exit=-13 a0=2b2f84b572d0 a1=0 a2=1b6 a3=0 items=0 ppid=3753 pid=3923 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=10 comm="klogind" exe="/usr/kerberos/sbin/klogind" subj=root:system_r:rlogind_t:s0-s0:c0.c1023 key=(null)
The problem is we don't have auth_login_pgm_domain(rlogind_t) in RHEL5.
*** This bug has been marked as a duplicate of bug 714960 ***