Michael Mraka <[email protected]> wrote: > Please check newer documentation at > https://access.redhat.com/documentation/en-us/red_hat_satellite/5.8/html/ > installation_guide/chap-authentication#Implementing_PAM_Authentication
Thanks for info, there were two things missing, but fixing those didn't help. - Installed pam-devel -package - Ran "$ setsebool -P allow_httpd_mod_auth_pam 1". Not sure if this was already on, because getsebool -a doesn't show that. > > > Any ideas what else to check? The working 2.6 installation in Centos 6 > > causes also that same keytab error line to /var/log/messages so I suppose > > it doesn't matter. > > What kind of authentication is behind your PAM? Is it LDAP? > ActiveDirectory/kerberos, so /etc/pam.d/rhn-satellite is based on the Kerberos version. I had missed yesterday that /var/log/messages has also something related to this issue. Jan 4 11:50:55 server: 2018-01-04 11:50:55,761 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-6] WARN com.redhat.rhn.domain.user.legacy.UserImpl - PAM login for user User <user> (id <id>, org_id <org_id>) failed with error System error. Jan 4 11:50:57 server: 2018-01-04 11:50:57,762 [ajp-bio-0:0:0:0:0:0:0:1-8009-exec-6] INFO com.redhat.rhn.frontend.action.LoginAction - LOCAL AUTH FAILURE: <user> The success message was actually in /var/log/secure so it seems that PAM itself is satisfied but there is some issue between PAM and Spacewalk. Jan 4 11:50:55 java: pam_krb5[18217]: error reading keytab 'FILE:/etc/krb5.keytab' Jan 4 11:50:55 java: pam_krb5[18217]: TGT verified Jan 4 11:50:55 java: pam_krb5[18217]: authentication succeeds for '<account>' (<account>@domain.invalid) BR, -- Olli Rajala Finland
_______________________________________________ Spacewalk-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-list
