GSSAPI logins are not working with QAS 4.1.6 with SELinux enabled and in enforcing mode. QAS has been configured to work with SELInux by running the following command:
/opt/quest/bin/vastool configure selinux
When trying to log in, this message is showing up in the system's audit log:
type=AVC msg=audit(1500000000.500:150000): avc: denied { read } for pid=123 comm="sshd" name=".k5login" dev=dm-2 ino=100000 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:home_root_t:s0 tclass=file
The issue can be fixed by running the following command to restore the configured SEcontext for the home directory:
/opt/quest/libexec/vas/selinux/configure_vas_selinux.sh restore /home/
The directory "/home/" should be replaced with the directory where your home directories are created.
© ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center