Tony Nelson wrote:
At 1:39 PM -0500 6/2/07, Justin W wrote:
I tried both 'setenforce 0' and appending 'enforcing=0' to the kernel
arguments. Neither allowed me access.

So much for that idea.

Yeah, SELinux is usually my fall-back thing to blame. I don't like it
when it's not it because it's not as easy as just not enforcing policy
until either 1) a policy update is made or 2) I create a rule to allow
whatever it is I want done.

Would having the user accounts being held in an LDAP directory have any
effect (though I don't see how it'd affect one access method and not the
other)?

Dunno, haven't used LDAP. Can you change that for even one new account,
and try it that way?

I added a tester account locally and tried logging in with that. I got
the same error messages in my logs:

    Jun 2 23:07:50 zeus su: pam_unix(su-l:auth): authentication failure; logname=tester uid=550 euid=0 tty=pts/0 ruser=tester rhost= user=root

    type=USER_AUTH msg=audit(1180843672.674:96): user pid=1881 uid=550 auid=550 subj=user_u:system_r:unconfined_t:s0 msg='PAM: authentication acct=root : exe="/bin/su" (hostname=?, addr=?, terminal=pts/0 res=failed)'

Is there a good location to place a "debug" option in the PAM
configurations? Which modules would be the most useful to get
information from (and how does it work? I tried one already and I didn't
see any more output in any logs than normal.).
Thanks,
Justin W
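
Added example, not part of the original thread: a small Python parser for the two records quoted above, showing that the pam_unix syslog line and the audit USER_AUTH record describe the same failed `su` attempt. The function names, the 5-second matching window, and the -0500 host offset (taken from the quoted mail header) are assumptions; syslog carries no year, so it is taken from the audit timestamp.

```python
import re
from datetime import datetime, timedelta, timezone

# The two records quoted in the message, re-joined onto single lines.
SYSLOG = ("Jun 2 23:07:50 zeus su: pam_unix(su-l:auth): authentication failure; "
          "logname=tester uid=550 euid=0 tty=pts/0 ruser=tester rhost= user=root")
AUDIT = ("type=USER_AUTH msg=audit(1180843672.674:96): user pid=1881 uid=550 "
         "auid=550 subj=user_u:system_r:unconfined_t:s0 msg='PAM: authentication "
         "acct=root : exe=\"/bin/su\" (hostname=?, addr=?, terminal=pts/0 res=failed)'")

LOCAL_TZ = timezone(timedelta(hours=-5))  # assumption: host clock is at -0500


def parse_audit(line):
    """Split an audit record into type, event time, serial and key=value fields."""
    head = re.match(r"type=(\S+) msg=audit\((\d+)\.(\d+):(\d+)\): (.*)", line)
    rtype, secs, millis, serial, body = head.groups()
    # Values are either double-quoted or run up to whitespace, comma, ')' or "'".
    fields = {k: v.strip('"') for k, v in
              re.findall(r"(\w+)=(\"[^\"]*\"|[^\s,)']+)", body)}
    when = (datetime.fromtimestamp(int(secs), LOCAL_TZ)
            + timedelta(milliseconds=int(millis)))
    return {"type": rtype, "time": when, "serial": int(serial), **fields}


def parse_pam_syslog(line, year):
    """Parse a pam_unix syslog line; the caller supplies the missing year."""
    m = re.match(r"(\w{3}\s+\d+ [\d:]+) (\S+) (\S+): (\S+): ([^;]+); (.*)", line)
    stamp, host, prog, module, event, rest = m.groups()
    when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"time": when.replace(tzinfo=LOCAL_TZ), "host": host, "prog": prog,
            "module": module, "event": event,
            **dict(re.findall(r"(\w+)=(\S*)", rest))}


def same_attempt(sys_rec, aud_rec, window=5):
    """True when both records share caller uid, target account and tty, the
    audit result is 'failed', and the timestamps are within `window` seconds."""
    delta = abs((aud_rec["time"] - sys_rec["time"]).total_seconds())
    return (sys_rec["uid"] == aud_rec["uid"]
            and sys_rec["user"] == aud_rec["acct"]
            and sys_rec["tty"] == aud_rec["terminal"]
            and aud_rec["res"] == "failed" and delta <= window)


if __name__ == "__main__":
    aud = parse_audit(AUDIT)
    sysrec = parse_pam_syslog(SYSLOG, aud["time"].year)
    print(aud["time"].isoformat(), sysrec["module"], same_attempt(sysrec, aud))
```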