rooty/yubico-pam
1
0
Fork 0
mirror of https://github.com/Yubico/yubico-pam.git synced 2025-02-20 21:54:16 +01:00
Code Issues Projects Releases Wiki Activity

Update and rename Yubikey_and_SELinux_on_Fedora_18_and_up.txt to Yubikey_and_SELinux_on_Fedora_18_and_up.adoc

Browse Source
This commit is contained in:
Henrik Stråth 2014-10-31 15:59:24 +01:00
parent 6a405bd272
commit cf67053e78
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/Yubikey_and_SELinux_on_Fedora_18_and_up.txt → doc/Yubikey_and_SELinux_on_Fedora_18_and_up.adoc
View File

@ -1,6 +1,6 @@
Starting with Fedora 17, SELinux prevents sshd to initiate connections to remote HTTP ports (80 and 443). In SELinux terms: sshd_t is not allowed to name_connect to http_port_t. This broke Yubikey authentication on a system with SELinux in enforcing mode, unless a custom SELinux policy was written and enabled.
Based on a [bugreport](https://bugzilla.redhat.com/show_bug.cgi?id=841693) in Red Hat Bugzilla, a boolean was added to the SELinux policy for Fedora 18 and up, that can be toggled to allow sshd (and some other SELinux types) to connect to remote HTTP ports.
Based on a https://bugzilla.redhat.com/show_bug.cgi?id=841693[bugreport] in Red Hat Bugzilla, a boolean was added to the SELinux policy for Fedora 18 and up, that can be toggled to allow sshd (and some other SELinux types) to connect to remote HTTP ports.
To make a long story short, if you want to use a Yubikey on a system running Fedora 18 or higher (and probably RHEL7, eventually), you'll need to toggle the 'authlogin_yubikey' SELinux boolean, like so: