[Freeipa-users] http service keytab for cname virtual host
Natxo Asenjo
natxo.asenjo at gmail.com
Thu Mar 29 18:43:13 UTC 2012
On Thu, Mar 29, 2012 at 8:25 PM, Simo Sorce <simo at redhat.com> wrote:
> Your configuration looks right, but I went back and looked at your logs
> and I saw a permission denied error.
>
> I would check that the apache user can access the keytab
> file: /etc/httpd/conf/webserver01_http.keytab
> If you are using RHEL/Fedora, also check the audit.log file in case the
> file is mislabeled and SELinux is preventing access to it.
>
Bingo! selinux was indeed blocking it.
:-)
A few years ago I would have inmediately looked at selinux (or even
disabled it right away during the installation), but since fedora 12 you
guys have actually made it just work (TM), so I never thought of that.
This is really awesome, I am thoroughly enjoying ipa.
Thanks!
--
natxo
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20120329/3cac197b/attachment.htm>
More information about the Freeipa-users
mailing list