does pam_opa work on centos 7

Question

does pam_opa work on centos 7

chunanlee opened this issue 5 years ago · comments

As subject. I found pam_opa works well with Ubuntu but not Centos 7.
the part of configuration of pam.d/sshd is as follows:
auth required /lib/security/pam_opa.so url=http://192.168.1.1:8181 authz_endpoint=/v1/data/sshd/authz display_endpoint=/v1/data/display pull_endpoint=/v1/data/pull log_level=debug

the configuration above works on Unbuntu.
Can you help me to find the root cause?
Thank you very much for your help

Chunan

chunanlee · Answer 1 · Tue Feb 04 2020 13:45:09 GMT+0800 (China Standard Time)

ignore my question that the issue is caused by SELinux

Andy Curtis · Answer 2 · Wed Feb 05 2020 03:11:24 GMT+0800 (China Standard Time)

@chunanlee could you share the configuration that worked with SELinux? If you have time, would be awesome if you could update the documentation to help others who run into the same issues

dan · Answer 3 · Fri Feb 21 2020 17:25:44 GMT+0800 (China Standard Time)

this article should give you idea to fix the issue. i had the same problem before.
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/security-enhanced_linux/sect-security-enhanced_linux-fixing_problems-searching_for_and_viewing_denials

Andy Curtis · Answer 4 · Sat Feb 22 2020 03:46:52 GMT+0800 (China Standard Time)

Thanks @danvela closing this now