On Tuesday 29 January 2008 09:42:53 Scott Bambrough wrote:
> > Next question is whether or not apache can make that domain transition.
> > Its an easy experiment to find out. Do the above chcon and try it. If
> > that doesn't work, you can reset the label with "restorecon
> > /usr/sbin/validate".
>
> FYI, this doesn't work.

This is the way forward, though. The chkpwd_exec_t type is a domain that is
allowed read access to /etc/shadow.


> Apache cannot make this domain transition as you suspected.

Is there an allow_httpd_mod_auth_pam boolean? Does setting that allow apache
to make the transition?

Thanks,
-Steve

_______________________________________________
rhelv5-list mailing list
rhelv5-list@(protected)
https://www.redhat.com/mailman/listinfo/rhelv5-list