> > Do you have the > > > allow_httpd_mod_auth_pam > > boolean turned on? > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk6wVZgACgkQrlYvE4MpobOg8gCgzbPmuUBJJ20iBhAQnCoTvZVU > NfUAoLz5TplWxxflLWscqc7Vc7RHahvj > =UYqX > -----END PGP SIGNATURE----- > Ah! I did not know about setsebool. It's now not failing on SELinux (at least that I can tell). Now I get this in /var/log/secure... Nov 1 16:08:07 host unix_chkpwd[22541]: check pass; user unknown Nov 1 16:08:07 host unix_chkpwd[22541]: password check failed for user (treydock) Nov 1 16:08:07 host httpd: pam_unix(httpd:auth): authentication failure; logname= uid=48 euid=48 tty= ruser= rhost= user=treydock Nov 1 16:08:07 host httpd: pam_krb5[8049]: error reading keytab 'FILE:/etc/krb5.keytab' Nov 1 16:08:07 host httpd: pam_krb5[8049]: TGT verified Nov 1 16:08:07 host httpd: pam_krb5[8049]: authentication succeeds for 'treydock' (treydock at TAMU.EDU) Nov 1 16:08:07 host unix_chkpwd[22545]: could not obtain user info (treydock) The keytab error is expected, because to authenticate with my university's Kerberos system it's without adding my server to the their databases. I have other servers on CentOS 5 and 6 running this just fine, so and right now SELinux is the only difference between them. Also, I'm still concerned I never got an email from setroubleshootd about the denials that are now fixed by using setsebool. Any steps I can take to troubleshoot the problem? Thanks - Trey