[Freeipa-devel] Kerberos ticket forwarding
Karl MacMillan
kmacmill at redhat.com
Thu Oct 4 14:12:10 UTC 2007
On Wed, 2007-10-03 at 11:36 -0400, Rob Crittenden wrote:
> Rob Crittenden wrote:
> > I started from scratch on the Kerberos ticket forwarding problem and
> > mod_auth_kerb again. I have a 2-line patch that fixes it now and doesn't
> > require the massive changes I currently used.
> >
> > In my rush I included the F7 patch in the RHEL-5 bug :-( I also made a
> > patch for that.
> >
> > The patch for both can be found at:
> > https://bugzilla.redhat.com/show_bug.cgi?id=301061
> >
> > Note that I had RHEL-5 enforcing on my RHEL-5 box and had lots of
> > problems with the tickets.
> >
> > The CGI I wrote to test this called klist to show that the ticket was
> > forwarded properly. I got this denial:
> >
> > Oct 1 16:38:18 thor setroubleshoot: SELinux is preventing the
> > /usr/kerberos/bin/klist from using potentially mislabeled files
> > (/tmp/krb5cc_apache_TxNr3M). For complete SELinux messages. run
> > sealert -l 40a72116-ed45-420d-914a-ce9d56486d94
> >
> > rob
> >
>
Can you get me the full SELinux message with that sealert command? That
message normally means there is something wrong with the labeling of
your system.
Karl
More information about the Freeipa-devel
mailing list