[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: kerberos server + enforcing mode?
- From: Daniel J Walsh <dwalsh redhat com>
- To: Robert Story <rstory sparta com>
- Cc: fedora-selinux-list redhat com
- Subject: Re: kerberos server + enforcing mode?
- Date: Thu, 10 Jul 2008 15:31:12 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Robert Story wrote:
> I'm still getting "modify_principal: Insufficient access to lock
> database" error messages when trying to use kadmin in enforcing mode.I
> ran 'semodule -DB' to re-enable don't audit messages, and I've attached
> what I get when trying to run a kadmin command to add a principal
> (after starting kadmind/krb5kdc... kadmin.log seems to be ok). Any
> hint, tips or policy modules greatly appreciated...
>
>
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list redhat com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Looks like this one is causing your problem.
Looks like the files were created with the wrong labels or kadmin is not
allowed to create.
restorecon -R -v /var/kerberos
I am fixing the policy to allow the creation of the lock files with the
correct label.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkh2Y4AACgkQrlYvE4MpobOlUgCgguLXylG2BPmDBEaKvw+INpjk
uz0AnR1POUQwI+KnWvwZuzZHxxEekK+p
=scDr
-----END PGP SIGNATURE-----
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]