I have to find out, that pam_ssh needs to create the directory /var/run/pam_ssh on runtime to work properly. The current policies denied the creation of this directory for the login process.
What avc are you seeing?
type=AVC msg=audit(1317579840.309:64): avc: denied { write } for pid=1263 comm="login" name="/" dev=tmpfs ino=5110 scontext=system_u:system_r:local_login_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=dir type=SYSCALL msg=audit(1317579840.309:64): arch=c000003e syscall=83 success=no exit=-13 a0=7f62f823273f a1=1ed a2=fffffffffffffed0 a3=0 items=0 ppid=1 pid=1263 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=tty2 ses=2 comm="login" exe="/bin/login" subj=system_u:system_r:local_login_t:s0-s0:c0.c1023 key=(null)
restorecon -R -c /var/run/pam_ssh Will fix. /var/run/pam_ssh should be in the pam_ssh payload. Secondly you need to add a /etc/tmpfiles.d/pam_ssh.conf cat /etc/tmpfiles.d/pam_ssh.conf D /var/run/pam_ssh 0750 root root - This will tell systemd to create the directory with the correct label at boot time. Then the login programs will be allowed to use the directory.
pam_ssh-1.97-8.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/pam_ssh-1.97-8.fc16
pam_ssh-1.97-8.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/pam_ssh-1.97-8.fc15
Package pam_ssh-1.97-8.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing pam_ssh-1.97-8.fc16' as soon as you are able to, then reboot. Please go to the following url: https://admin.fedoraproject.org/updates/pam_ssh-1.97-8.fc16 then log in and leave karma (feedback).
You should unghosted the /var/run/pam_ssh entry in the %files stanza to make sure, that this directory will be created directly after the package was installed.
pam_ssh-1.97-9.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/pam_ssh-1.97-9.fc16
pam_ssh-1.97-9.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/pam_ssh-1.97-9.fc15
pam_ssh-1.97-9.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
pam_ssh-1.97-9.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.