Hi,
I'm trying to set up a Kerberos KDC on a clean up-to-date F9 box in
enforcing mode. I'm following an online tutorial, and I get to the
point where I'm trying to set the default policy, and the command fails
with "modify_principal: Insufficient access to lock database". Some
googling turned up 2 suggestions: switching to permissive mode, or
stopping kadmin and restarting it manually, instead of using the
service command. Both of those solutions worked. Is there some policy
piece missing?
Also, I get an error when starting krb5kdc:
Starting Kerberos 5 KDC: Couldn't open log file /var/log/krb5kdc.log: Permission denied
The accompanying avc is:
Jul 1 18:04:55 tib kernel: type=1400 audit(1214949895.536:4): avc: denied { create } for pid=1839 comm="krb5kdc" name="krb5kdc.log" scontext=unconfined_u:system_r:krb5kdc_t:s0 tcontext=system_u:object_r:krb5kdc_log_t:s0 tclass=file
kadmind starts fine, and kadmind.log is created without a problem...
--
Robert Story
SPARTA
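Added example, not part of the original message: a small Python parser that splits the AVC denial quoted above into source domain, target type, object class and permission, and builds the allow rule that denial corresponds to, in the form audit2allow prints. The function names are made up for this example, and the rule is only what the denial maps to, not a confirmed fix for the problem described.

```python
import re

# The denial exactly as quoted in the message above.
AVC_LINE = (
    'Jul 1 18:04:55 tib kernel: type=1400 audit(1214949895.536:4): avc: denied '
    '{ create } for pid=1839 comm="krb5kdc" name="krb5kdc.log" '
    'scontext=unconfined_u:system_r:krb5kdc_t:s0 '
    'tcontext=system_u:object_r:krb5kdc_log_t:s0 tclass=file'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_context(ctx):
    """Split user:role:type[:level]; an MLS/MCS level may itself contain colons."""
    user, role, type_, level = (ctx.split(':', 3) + [None] * 4)[:4]
    return {'user': user, 'role': role, 'type': type_, 'level': level}


def parse_avc(line):
    """Return the fields of one 'avc: denied' record, or None if the line is not one."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    if 'scontext' not in fields or 'tcontext' not in fields:
        return None
    return {
        'perms': m.group('perms').split(),
        'comm': fields.get('comm'),
        'name': fields.get('name'),
        'source': parse_context(fields['scontext']),
        'target': parse_context(fields['tcontext']),
        'tclass': fields.get('tclass'),
    }


def candidate_rule(avc):
    """Build the type-enforcement rule this denial corresponds to (audit2allow style)."""
    perms = avc['perms']
    perm_str = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return 'allow %s %s:%s %s;' % (
        avc['source']['type'], avc['target']['type'], avc['tclass'], perm_str)


if __name__ == '__main__':
    print(candidate_rule(parse_avc(AVC_LINE)))
```

Read this way, the denial says a process in the krb5kdc_t domain was refused permission to create a file that would be labelled krb5kdc_log_t, which matches the "Couldn't open log file" error.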