Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 227770 - [LSPP] unable to login with 'secadm_r' role
Summary: [LSPP] unable to login with 'secadm_r' role
Keywords:
Status: CLOSED DUPLICATE of bug 227733
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openssh
Version: 5.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
: ---
Assignee: Tomas Mraz
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-02-08 00:00 UTC by Klaus Heinrich Kiwi
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-02-08 20:38:44 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Klaus Heinrich Kiwi 2007-02-08 00:00:57 UTC
Description of problem:
Can't login using 'secadm_r' role, no matter the user (given that the user has
access to this role)

Version-Release number of selected component (if applicable):
selinux-policy-mls-2.4.6-32.el5
selinux-policy-2.4.6-32.el5

How reproducible:
always

Steps to Reproduce:
1. In a lspp-configured system, try loggin in with 'ssh <user>/secadm_r@<host>'
2. enter <user>'s password

  
Actual results:
failed to log-in

Expected results:
log-in successful

Additional info:
This seems similar to Bug #227733 - opening for tracking purposes. Please mark
as duplicate if desired.

Comment 1 Klaus Heinrich Kiwi 2007-02-09 01:16:09 UTC
Tomas, any special reason for closing as NOTABUG? Does this means this won't be
fixed?

 Thanks,

Klaus

Comment 2 Tomas Mraz 2007-02-09 14:21:41 UTC

*** This bug has been marked as a duplicate of 227733 ***

Comment 3 Kylene J Hall 2007-02-09 17:11:22 UTC
My partitions are rather hosed at the moment so I can't double check this with
any certainty but that is what I saw.  I cleared /var/log/secure and restarted
the syslog service before attempting the ssh to make sure I got just the related
stuff.

Here is /etc/pam.d/sshd
auth       include      system-auth
auth       required     pam_tally2.so deny=5 onerr=fail

account    required     pam_nologin.so
account    include      system-auth
account    required     pam_tally2.so

password   include      system-auth

session    required     pam_selinux.so close
session    include      system-auth
session    required     pam_loginuid.so require_auditd
session    required     pam_namespace.so debug # FIXME, remove debug



Note You need to log in before you can comment on or make changes to this bug.