does pam_opa work on centos 7
chunanlee opened this issue · comments
As subject. I found pam_opa works well with Ubuntu but not Centos 7.
the part of configuration of pam.d/sshd is as follows:
auth required /lib/security/pam_opa.so url=http://192.168.1.1:8181 authz_endpoint=/v1/data/sshd/authz display_endpoint=/v1/data/display pull_endpoint=/v1/data/pull log_level=debug
the configuration above works on Unbuntu.
Can you help me to find the root cause?
Thank you very much for your help
Chunan
ignore my question that the issue is caused by SELinux
@chunanlee could you share the configuration that worked with SELinux? If you have time, would be awesome if you could update the documentation to help others who run into the same issues
this article should give you idea to fix the issue. i had the same problem before.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security-enhanced_linux/sect-security-enhanced_linux-fixing_problems-searching_for_and_viewing_denials
Thanks @danvela closing this now