Centrify

Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-45495: SSH prompts for a password if SELinux is set to Enforcing

Authentication Service ,  

8 December,20 at 04:22 PM

Problem: SSH prompts for a password if SELinux is set to "enforcing". The logs shows the following error message: 

error: ssh_selinux_setup_pty: security_compute_relabel: Invalid argument
 
Cause: The home directories on the NAS is missing the setting for ".K5login" causing SSH to prompt for a password with SELinux set to "enforicing" when it shouldn't be.

Workaround: Set SELinux to "permissive" with the command below is the workaround,

$ setenforce permissive

User-added image

Solution: First change SELinux to "permissive" ($ setenforce permissive), then run the command below to set SELinux Boolean to use NFS as home directories on the server. Now set SELinux to enforcing($ setenforce enforcing).

NOTE: To verify/query list of all the SELinux booleans for specific service run command below:

# semanage boolean -l | egrep "nfs|SELinux"  (NOTE: For this example use_nfs_home_dirs is off  meaning it is not SELinux Boolean is not set.)

User-added image

# setsebool -P use_nfs_home_dirs 1

User-added image

Confirm SELinux is set to "enforcing" with command below:

# getenforce

User-added image

Related Articles

 articleKB-20210: Common Questions Regarding Centrify DirectControl and CoreOS article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part III article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part I articleKB-6041: How to show current license type in use by adclient articleKB-6040: How to change the license type in use after adclient successful joined to the AD? articleCentrify 16.12 & 16.12 Hotfix 1 Release Notes articleKB-7555: Unable to login as root after upgrade to Centrify Suite 2016 (CDC 5.3.0) articleCentrify 16.11 & 16.11 Hotfix 1 Release Notes article[How To] Enable Symantec VIP MFA for Centrify Server Suite on Linux Part II