Comment 4 for bug 324645

Tim Southerwood (t-southerwood) wrote : Re: Hardy i386 Cupsd crash with SIGSEGV with PAM/Kerberos Auth

-- I emailed a reply but it didn't appear, so I'm posting the text straight in

Hi Martin,

Sure - here you go:

Martin Pitt wrote:
> > Can you please reproduce the situation that caused an error before, and
> > attach /var/log/kern.log? This will show me the exact violations that
> > cause this. Thanks!
> >
> > ** Changed in: cupsys (Ubuntu)
> > Assignee: (unassigned) => Martin Pitt (pitti)
> > Status: New => Incomplete
> >

1st level failure after aa-enforce /usr/sbin/cups; /etc/init.d/cupsys
restart and then try to log into a secure cups page:

2009/02/13 09:41:07 notice kern rodan kernel: [558478.665721]
audit(1234518067.729:18151): type=1503 operation="inode_permission"
requested_mask="a::" denied_mask="a::" name="/dev/tty" pid=12486
profile="/usr/sbin/cupsd" namespace="default"
2009/02/13 09:41:07 notice kern rodan kernel: [558478.665903]
audit(1234518067.729:18152): type=1503 operation="inode_permission"
requested_mask="w::" denied_mask="w::" name="/etc/krb5.conf" pid=12486
profile="/usr/sbin/cupsd" namespace="default"

----

Then I add "/etc/krb5.conf r," to AppArmor for usr.sbin.cupsd

Rinse, lather, repeat and we get:

2009/02/13 09:45:33 notice kern rodan kernel: [558743.850245]
audit(1234518333.342:18155): type=1503 operation="file_lock"
requested_mask="k::" denied_mask="k::" name="/etc/krb5.keytab" pid=12702
profile="/usr/sbin/cupsd" namespace="default"

So I add

/etc/krb5.keytab k,

(what's "k")?
----

Then we get:
2009/02/13 09:48:28 notice kern rodan kernel: [558918.559183]
audit(1234518508.333:18172): type=1503 operation="file_lock"
requested_mask="wk::" denied_mask="k::" name="/tmp/krb5cc_pam_CBTQ2A"
pid=13023 profile="/usr/sbin/cupsd" namespace="default"

(which is the Kerberos ticket cache)

*Don't* assume the form of the name of that temp file - it's configurable.

So I add:
/tmp/** rkw,

-----

Re-init and that *seems* to work.

Kerberos auth via PAM is now operational.

But, I have little understanding of apparmor so you may be able to see
silliness in what I've done.

Cheers - and thanks :)

Glad to be able to help make a great distro 0.0001% better :)

Best wishes

Tim
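
An added example, not part of Tim's comment or the cupsys package: a Python script that collects the `type=1503` denials quoted above per profile and prints the narrowest per-path rule for each, so the result can be compared with the rules that were added by hand (`k` is AppArmor's file-lock permission, matching `operation="file_lock"` in the log). The function names are hypothetical, the sample input is the four records from this comment, and treating `::` in the masks as a plain separator is an assumption.

```python
import re
from collections import defaultdict

# The four denial records quoted in the comment, line-wrapped as posted.
SAMPLE_LOG = '''
2009/02/13 09:41:07 notice kern rodan kernel: [558478.665721]
audit(1234518067.729:18151): type=1503 operation="inode_permission"
requested_mask="a::" denied_mask="a::" name="/dev/tty" pid=12486
profile="/usr/sbin/cupsd" namespace="default"
2009/02/13 09:41:07 notice kern rodan kernel: [558478.665903]
audit(1234518067.729:18152): type=1503 operation="inode_permission"
requested_mask="w::" denied_mask="w::" name="/etc/krb5.conf" pid=12486
profile="/usr/sbin/cupsd" namespace="default"
2009/02/13 09:45:33 notice kern rodan kernel: [558743.850245]
audit(1234518333.342:18155): type=1503 operation="file_lock"
requested_mask="k::" denied_mask="k::" name="/etc/krb5.keytab" pid=12702
profile="/usr/sbin/cupsd" namespace="default"
2009/02/13 09:48:28 notice kern rodan kernel: [558918.559183]
audit(1234518508.333:18172): type=1503 operation="file_lock"
requested_mask="wk::" denied_mask="k::" name="/tmp/krb5cc_pam_CBTQ2A"
pid=13023 profile="/usr/sbin/cupsd" namespace="default"
'''

# One record runs from "audit(" up to the next "audit(" or end of input,
# so records broken across lines by a mail client still parse.
RECORD = re.compile(r'audit\([\d.]+:\d+\):(.*?)(?=audit\(|\Z)', re.S)
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def denied_by_profile(text):
    """Return {profile: {path: denied permission letters}} for type=1503."""
    out = defaultdict(lambda: defaultdict(set))
    for body in RECORD.findall(text):
        f = {k: q or u for k, q, u in FIELD.findall(body)}
        if f.get("type") != "1503" or not {"name", "profile"} <= f.keys():
            continue
        # Assumption: "::" in the mask is only a separator; keep the letters.
        out[f["profile"]][f["name"]] |= set(f.get("denied_mask", "")) - {":"}
    return {p: {n: "".join(sorted(m)) for n, m in paths.items()}
            for p, paths in out.items()}

def candidate_rules(text, profile):
    """Narrowest rule per denied path, for manual review before adding."""
    paths = denied_by_profile(text).get(profile, {})
    return [f"  {name} {perms}," for name, perms in sorted(paths.items())]

if __name__ == "__main__":
    print("\n".join(candidate_rules(SAMPLE_LOG, "/usr/sbin/cupsd")))
```

The ticket-cache rule is emitted for the literal file name seen in the log; since that name is configurable, the pattern to use in the profile is a site decision.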