I wrote a web page with a back end script to allow my wife to "turn off the internet" when she gets mad at our daughter. It basically uses sudo to allow the apache user to turn off or on IP forwarding which disables internet for our XP machine living behind the FC4 firewall. This all worked fine on FC3 after I got the SE linux rules worked out to allow everything to happen. It works not at all under FC4. The sudo that the apache user does to turn off forwarding appears to function, but PAM then errors and fails: This is what pam spits into the /var/log/secure file: Sep 17 22:16:22 monotheletisia sudo: apache : pam_authenticate: System error ; TTY=unknown ; PWD=/var/www/internet/scripts ; USER=root ; COMMAND=/var/www/html/internet/scripts/nointernet 0 Nothing appears in the /var/log/audit/audit.log when this pam error happens, so I am assuming that SElinux is OK?? Google is not forthcoming on the issue of "pam_authenticate System error". The best I can find is that it means "The pam_handle_t passed as a first argument to this function was invalid." However, I am not making the system call, sudo is. So is the a bug, misconfiguration, my dumb error or other in sudo or in pam? The /var/www/html/internet/scripts/nointernet referenced above is a simple script: #!/bin/bash echo $1 > /proc/sys/net/ipv4/ip_forward
