From 13eb1b9c9f642d50b371c63d7c0510e5749e758e Mon Sep 17 00:00:00 2001 From: Karl Goetz Date: Wed, 3 Oct 2012 12:16:06 +1000 Subject: [PATCH] Add information about SELinux to README Because SELinux in enforcing mode will cause yubikey authentication to fail I'm including some references to discussion around this problem. The RH bugzilla link also includes a policy snippet which can be used for this." This commit should resolve Issue #43. http://code.google.com/p/yubico-pam/issues/detail?id=43 --- README | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/README b/README index 7880533..a7cb3e9 100644 --- a/README +++ b/README @@ -283,6 +283,22 @@ Enter your Yubikey OTP and convert it, your Yubikey token ID is 12 digits and li Modhex encoded: XXXXXXX +Yubico PAM module and SELinux. +------------------------------ +Users with SELinux in enforcing mode (the default on Fedora 17+) may experience +login problems with services including those validated via +polkit-agent-helper-1, sshd and login. + +This is documented in the PAM Yubico issue tracker [1] and Red Hat bugzilla +including a work around [2] for ssh (Equivalent files could be created for +other services). Systems in 'permissive' mode will generate AVC warnings but +authentication will succeed. + +[1] http://code.google.com/p/yubico-pam/issues/detail?id=43 +[2] https://bugzilla.redhat.com/show_bug.cgi?id=841693#c3 + +To determine if you have SELinux enforcing or not run the 'sestatus' command. + Examples --------
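Review bot: The second added paragraph leaves the actual fix behind link [2] and then notes that systems in 'permissive' mode authenticate successfully, which a locked-out reader can easily take as the suggested remedy. State explicitly that the intended fix is the targeted policy from [2] rather than switching SELinux out of enforcing mode, and summarise in the README itself what that policy allows, since the section otherwise depends on two external URLs staying reachable. The parenthetical "(Equivalent files could be created for other services)" would also be more useful if it said which of the listed services (polkit-agent-helper-1, sshd, login) the linked snippet covers and which still need their own. Smaller points: the 'sestatus' sentence sits after the reference list and reads better before the workaround paragraph, so readers check their mode first; "work around" as a noun should be "workaround"; and the new heading ends in a period, while the neighbouring "Examples" heading does not.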