• 1
I have found that simply setting ~/.google_authenticator to ssh_home_t still causes AVC denials when updates to the file occur as write requests come in for user_home_dir_t ~/.google_authenticator~

I've tried adding both paths using semanage but found that still did not appear to resolve it.

As I use google authenticator mainly for SSH I simply moved the file into ~/.ssh/ after applying the change with

auth required pam_google_authenticator.so secret=/home/${USER}/.ssh/.google_authenticator

the directory permission issues went away.

This was all tested on CentOS 6.x



I have fixed this problem in Fedora 17

Basically .google_authenticator~ and .google_authenticator will be created with the correct context.

  • 1

Log in