Re: [redhat-lspp] Problem SSH-ing into LSPP system with multiple categories

Fri, 26 Jan 2007 14:31:13 -0800 

Kylene Jo Hall wrote:

More test data:


[EMAIL PROTECTED] ~]# ssh testuser/user_r/s2:[EMAIL PROTECTED]
Password:
Last login: Fri Jan 26 14:55:13 2007 from rheal3a.endicott.ibm.com
-bash-3.1$ id
uid=501(testuser) gid=501(testuser) groups=501(testuser)
context=testuser_u:user_r:user_t:A
-bash-3.1$ exit
logout
Connection to localhost closed.
[EMAIL PROTECTED] ~]# ssh testuser/user_r/s2:[EMAIL PROTECTED]
Password:
Last login: Fri Jan 26 14:55:29 2007 from rheal3a.endicott.ibm.com
-bash-3.1$ id
uid=501(testuser) gid=501(testuser) groups=501(testuser)
context=testuser_u:user_r:user_t:B
-bash-3.1$ exit
logout
Connection to localhost closed.
[EMAIL PROTECTED] ~]# ssh testuser/user_r/s2:[EMAIL PROTECTED]
Password:
Last login: Fri Jan 26 14:55:40 2007 from rheal3a.endicott.ibm.com
-bash-3.1$ id
uid=501(testuser) gid=501(testuser) groups=501(testuser)
context=testuser_u:user_r:user_t:s2:c3
-bash-3.1$ quit
-bash: quit: command not found
-bash-3.1$ exit
logout
Connection to localhost closed.
[EMAIL PROTECTED] ~]# ssh testuser/user_r/s2:[EMAIL PROTECTED]
Password:
Last login: Fri Jan 26 14:56:05 2007 from rheal3a.endicott.ibm.com
-bash-3.1$ ls
-bash-3.1$ id
uid=501(testuser) gid=501(testuser) groups=501(testuser)
context=testuser_u:user_r:user_t:s2:c2
-bash-3.1$ quit
-bash: quit: command not found
-bash-3.1$ exit
logout
Connection to localhost closed.
[EMAIL PROTECTED] ~]# ssh testuser/user_r/s2:c2,[EMAIL PROTECTED]
Password:
Last login: Fri Jan 26 14:56:22 2007 from rheal3a.endicott.ibm.com
-bash-3.1$ id
uid=501(testuser) gid=501(testuser) groups=501(testuser)
context=testuser_u:user_r:user_t:s2:c2,c3
-bash-3.1$ exit
logout
Connection to localhost closed.
[EMAIL PROTECTED] ~]#



On Fri, 2007-01-26 at 12:54 -0800, Kylene Jo Hall wrote:

More test data:

ssh testuer/user_r/s#:c0,[EMAIL PROTECTED] works for every value of # between
0 and 15 except 2.

Thanks,
Kylie

On Fri, 2007-01-26 at 21:27 +0100, Tomas Mraz wrote:

On Fri, 2007-01-26 at 12:11 -0800, Kylene Jo Hall wrote:

I have been unable to ssh into an LSPP system with multiple categories.

For example the following work:
ssh testuser/user_r/[EMAIL PROTECTED]
ssh testuser/user_r/s2:[EMAIL PROTECTED]
ssh testuser/user_r/s2:[EMAIL PROTECTED]

But these do not:
ssh testuser/user_r/s2:[EMAIL PROTECTED]
ssh testuser/user_r/s2:c0,[EMAIL PROTECTED]

Policy version: selinux-policy-mls-2.4.6-28.el5
Kernel version: kernel-2.6.18-1.3015.2.1.el5.lspp.63

We have tested this on multiple architectures to no avail.  Any
suggestions?

Could you modify LogLevel in /etc/ssh/sshd_config to DEBUG3 and look
into the /var/log/secure what messages are there when the login fails?







I am not able to recreate this here.

semanage user -l
semanage login -l
ps -eZ | grep ssh

--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp

Reply via email to