I'm using FC8 and have installed a mailserver(postfix+dovecot),when I trying to enable the selinux mode to enforcing and i'm have some issue, the user authentication failed.if turn the selinux mode to permissive, then it work right.How can i to fix this problem?
View 14 RepliesIm using CenOs 5 and have install a mail system(postfix+dovecot),when I trying to enable selinux for enforcing mode and i'm have some issue, the user authentication failed. How can i to fix this problem?
View 2 Replies View RelatedI am trying to setup Postfix along with dovecot on RHEL4. I have done the necessary settings in dovecot.conf, yet I am not able to log into the POP3 server. The error I can see through WireShark/Ethereal is "Err- Authentication failed" Some of the important settings in /etc/dovecot.conf are
disable_plaintext_auth = no
auth_mechanisms = plain
auth_userdb = passwd
auth_passdb = pam
auth_user = root
The users/passwords are setup on Linux file system without MQSql or any other database. SASL etc is not configured at all.
I am new to to dovecot and would like some help, so please be kind.I have one user that can send mail but not read it either by pop3 or imap.I am running Dovecot 2.0.11 on Fedora 14.
View 2 Replies View RelatedCurrently working on the targeted policy, I need a help in doing the following things as quick as possible:
1- How to create a totally new SELinux user (not mapping new linux user to SELinux user) I want a new user with no roles or with a maximum of 1 role. I also need how to compile the new user so I can used it for mapping users. At the time, I've tried creating a new file inside /etc/selinux/targeted/contexts/users similar to the other users inside this directory, but it did not actually seem to appear when using the command semanage to list SELinux users : semanage user -l
2- How to create a totally new SELinux role (empty for now) ? and how to make the relation between this new role and domains or types.
3- How to create new domain, actually following some old instructions I created the .fc and .te files, but not the .if file, which is more complicated than the other 2 file.
Situation: fresh dovecot install. I have postfix successfully accepting and delivering mail to a virtual mailbox. I'm trying to pop that mailbox, but it can't see it. I hope someone can point out where my config is wrong.
View 2 Replies View RelatedWhen I confine a user myuser to the type user_u (or staff_u) with the SELinux instruction semanage login -d -s user_u myuser, this user cannot execute OpenOffice.
The error is :type=SYSCALL msg=audit(1302501686.474:8504): arch=40000003 syscall=192 success=no exit=-13 a0=0 a1=11bc60 a2=5 a3=802 items=0 ppid=12819 pid=12832 auid=4294967295 uid=505 gid=504 euid=505 suid=505 fsuid=505 egid=504 sgid=504 fsgid=504 tty=pts2 ses=4294967295 comm="soffice.bin" exe="/opt/openoffice.org3/program/soffice.bin"
[code]....
I suppose the problem occurs because I installed the rpm from the OpenOffice repository, not the standard OpenOffice included in FC13. However I prefer to use the rpm version, because of some bugs in the FC13 OpenOffice version. How can I create a policy to allow the execution of libicuuc and other OpenOffice libraries by my confined user ?
I was trying to install winbind on a RHEL5 machine and I had to reboot the RHEL machine. When it came back up, I'm not able to log in as root or any other user.When I use root and give a random password, it says invalid username or password but when I use the correct password, I get an Authentication failed pop up box (under GUI). SSh window says invalid password for random passwords and the SSH window disappears when I type in the right password.Can you please let me know if I can somehow get back in by stopping any of the services
View 3 Replies View RelatedI want to configure SSH key-based authentication and SSH password Authentication in same machine for different user .
View 1 Replies View RelatedMy understanding is SELinux adds type enforcement to standard Linux. This means that both the standard Linux and enhanced SELinux access controls must be satisfied to access an object. Which means that thing that is prevented to do in the normal standard Linux will be also prevented in the SELinux System? Does SELinux make it possible to run a non-root software to bind to a port < 1024? something that standard Linux won't allow? If not, what other suggestions do you have for allowing a program to run as non-root but able to bind to privileged ports? I know all about using the port re-direction such as ipchains, iptables.
View 4 Replies View RelatedI just finished following the instructions found here to install FreeNX on my ubuntu 10.04 server. It went smoothly, just used the default keys.Once I had that all set up I scrolled down and followed the instructions to set up the client and that went fine as well.My problem is with actually using the program.When I try to log in I get the error "Authentication failed for user tony" (my username). Do I need to change anything in the configuration other than setting it to use gnome and putting in the host address?oes it make a difference that my ssh settings only allow rsa login? I logged into the server with ssh to see if that helped but it did not. I even tried using the ssh key with the FreeNX Client but that did not work
View 9 Replies View RelatedWhat security mechanisms are used by recent versions of the Linux operating system during user authentication?
View 3 Replies View RelatedI have intalled RADIUS server on one machine which has fedora 10. I have installed freeradius-server-2.1.10 on it(server machine IP 10.150.110.42).
I have one more machine with redhat linux on which i have installed pam_radius-1.3.17(client machine IP 10.150.113.4).
I have done the follwoing configuration at both sides
SERVER SIDE.
users file
"vijay" Auth-Type := Local, Cleartext-Password == "123qwe", NAS-IP-Address == "10.150.113.4"
Reply-Message = "Hello, %u"
[Code]....
Above mentioned is my configuration. when i try to connect client with SSH it is not sending a request for authenticating user to RADIUS server. what else configuration i have to do, or if there are any mistakes in my configuration
I want to use nomachine, instead of freenx, and well it isn't working. SSH server works and all, because freenx works., same for neatx. But I hear with nomachine you can see the main display of the computer? Is this true? Well one way to find out, but whenever I try to login I get: Authentication failed for user x. I don't know why, neatx and freenx worked, even x2go, but not this.
View 1 Replies View RelatedI have installed keberos on my suse machine, but after installation now I am not able to login in it even with the root password. I search over the internet but could not find the solution. What to do now and how to configure Kerberos on a local machine with only local users authentication. I mean client and server both are on the same machine.
View 2 Replies View RelatedI made a system in CentOS5.5. I used Tomcat6 and PostgreSQL. But I couldn't enter my system. There are some error. And I don't understand what kind of error this.
JDBCExceptionReporter.logExceptions(100) | SQL Error: 0, SQLState: null
JDBCExceptionReporter.logExceptions(101) | Cannot create PoolableConnectionFactory (FATAL: Ident authentication failed for user "postgres")
"postgres" is username.
Is anybody knows anything about this error message.
I was trying to configure user authentication in SSH using certificate method.As u all know the usual way of authentication is using the ssh-keygen method. But i want the another method where we create a certificate key and send it to the CA, which signs it and send back etc etc.I cannot find any unique procedure in the net to configure this method.
View 3 Replies View Relatedthis is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:
Source Context system_u:system_r:NetworkManager_t:s0
Target Context system_u:system_r:NetworkManager_t:s0
Target Objects None [ capability ]
[code]....
I have installed CentOS 5.2. I want to login automatically for an user without authentication.
View 2 Replies View RelatedFC15,Dovecot start is ok,when test,just error: telnet 192.168.1.20 110 +OK Dovecot ready. user test -ERR Plaintext authentication disallowed on non-secure <SSL/TLS> connections.
View 14 Replies View RelatedI'm attempting to get MapServer running on my Fedora 13 computer. I was able to install with the package manager, and the executable (mapserv) was originally placed in /usr/sbin. But I need it in /var/www/cgi-bin to work on the webserver. So I copied the file to the right location. Unfortunately, it doesn't have the correct SELinux context. Here's the message from the troubleshooter:
SELinux denied access requested by /var/www/cgi-bin/mapserv. /var/www/cgi-bin/mapserv is mislabeled. /var/www/cgi-bin/mapserv default type is httpd_sys_script_exec_t, but its current type is httpd_sys_script_exec_t. Changing this file back to the default type, may fix your problem.
How's that for circular logic? Does anyone have an idea what the correct SELinux context for a cgi-bin executable might be?
Trying to keep selinux enabled. When I start SeLinux Troubleshooter from the menu, which is inautostart as well, It tells me SELinux not enabled, sealert will not run on nonSELinus systems".How do I get SELinux permanently started then
View 10 Replies View RelatedMy newly installed Fedora-14 (64-bit) has SELinux disabled. I can't find any way to enable it. I tried to set it manually in /etc/selinux/config to enforcing or permissive but nothing happens after reboot. In GUI configuration tool it is set to disabled and grayed out so that there is no way to enable it there. Is there another way to enable SELinux?
View 11 Replies View RelatedI tried to log in to my xguest account and it asked for a password, which it shouldn't, so there's a problem with SELinux.When I type getenforce it says it is disabled, yet when I go to /etc/selinux and look at the config, it is in enforcing mode and not commented out, type is strict.When I go to the SELinux management GUI I can't change the current enforcing mode and it's set to disabled and default to enforcing.
View 2 Replies View RelatedI've been having enormous problems with pam authentication. I use opensuse 11.1, postfix 2.5.5, dovecot 1.1.7. , ssl, dovecot-sasl. Everything works fine within local network, but I can't log in from outside (using outlook express 6). Output of dovecot -n:
protocols: imap imaps pop3 pop3s
listen(default): *:143
listen(imap): *:143
listen(pop3): *:110
[code].....
I have Centos ( and Postfix+ldap+dovecot ) TLS works with Postfix and LDAP. When I open evolution mail client I can browse ldap tree and search for users, send-receive mails ...all fine
View 3 Replies View RelatedI am new to Fedora 10, and to SELinux too.
I would like to know how can I prevent from users with role user_r to connect to Internet with firefox.
I am running Fedora 11 and every time i plug in my iPod it tells me... SELinux is preventing mkdir (podsleuth_t) "read" security_t ... I have no idea on how to create a policy module to allow access.
View 2 Replies View RelatedI get a SELinux relabel often even without changing stuff. SELinux troubleshoot doesn't show any error nor are there any messages in /log/messages that give any clue. Where should I look to see whats happening ?
2.6.31.12-174.2.22.fc12.x86_64
selinux-policy-3.6.32-103.fc12
I wonder if SELinux really are necessary for a home desktop ?
It only makes my computer use more problematic than it already is.
What can happend if I uninstall it on my Fedora 13 dist ?
Is the hole Internet going to come in to my computer and destroy it ?
If I uninstall SELinux, is the firewall uninstalled also ?