[Freeipa-devel] Kerberos ticket forwarding
Rob Crittenden
rcritten at redhat.com
Mon Oct 1 20:44:12 UTC 2007
I started from scratch on the Kerberos ticket forwarding problem and
mod_auth_kerb again. I have a 2-line patch that fixes it now and doesn't
require the massive changes I currently used.
In my rush I included the F7 patch in the RHEL-5 bug :-( I also made a
patch for that.
The patch for both can be found at:
https://bugzilla.redhat.com/show_bug.cgi?id=301061
Note that I had RHEL-5 enforcing on my RHEL-5 box and had lots of
problems with the tickets.
The CGI I wrote to test this called klist to show that the ticket was
forwarded properly. I got this denial:
Oct 1 16:38:18 thor setroubleshoot: SELinux is preventing the
/usr/kerberos/bin/klist from using potentially mislabeled files
(/tmp/krb5cc_apache_TxNr3M). For complete SELinux messages. run
sealert -l 40a72116-ed45-420d-914a-ce9d56486d94
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20071001/697e468a/attachment.bin>
More information about the Freeipa-devel
mailing list