Add information about SELinux to README

Because SELinux in enforcing mode will cause yubikey authentication to fail I'm including some references to discussion around this problem. The RH bugzilla link also includes a policy snippet which can be used for this." This commit should resolve Issue #43. http://code.google.com/p/yubico-pam/issues/detail?id=43
2025-01-31 16:52:19 +01:00 · 2012-10-03 12:16:06 +10:00 · 2012-10-03 12:16:06 +10:00 · 13eb1b9c9f
commit 13eb1b9c9f
parent 96252b6f2b
1 changed files with 16 additions and 0 deletions
--- a/16
+++ b/16
@ -283,6 +283,22 @@ Enter your Yubikey OTP and convert it, your Yubikey token ID is 12 digits and li

   Modhex encoded: XXXXXXX

+Yubico PAM module and SELinux.
+------------------------------
+Users with SELinux in enforcing mode (the default on Fedora 17+) may experience
+login problems with services including those validated via
+polkit-agent-helper-1, sshd and login.
+
+This is documented in the PAM Yubico issue tracker [1] and Red Hat bugzilla
+including a work around [2] for ssh (Equivalent files could be created for
+other services). Systems in 'permissive' mode will generate AVC warnings but
+authentication will succeed.
+
+[1] http://code.google.com/p/yubico-pam/issues/detail?id=43
+[2] https://bugzilla.redhat.com/show_bug.cgi?id=841693#c3
+
+To determine if you have SELinux enforcing or not run the 'sestatus' command.
+
 Examples
 --------