kerberos server + enforcing mode?
Daniel J Walsh
dwalsh at redhat.com
Thu Jul 10 19:31:12 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Robert Story wrote:
> I'm still getting "modify_principal: Insufficient access to lock
> database" error messages when trying to use kadmin in enforcing mode.I
> ran 'semodule -DB' to re-enable don't audit messages, and I've attached
> what I get when trying to run a kadmin command to add a principal
> (after starting kadmind/krb5kdc... kadmin.log seems to be ok). Any
> hint, tips or policy modules greatly appreciated...
>
>
>
> ------------------------------------------------------------------------
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Looks like this one is causing your problem.
Looks like the files were created with the wrong labels or kadmin is not
allowed to create.
restorecon -R -v /var/kerberos
I am fixing the policy to allow the creation of the lock files with the
correct label.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkh2Y4AACgkQrlYvE4MpobOlUgCgguLXylG2BPmDBEaKvw+INpjk
uz0AnR1POUQwI+KnWvwZuzZHxxEekK+p
=scDr
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list