[Freeipa-users] Dovecot imap authentication with IPA/Kerberos

Dale Macartney dale at themacartneyclan.com
Tue Jan 31 18:22:36 UTC 2012



All

I just found the culprit for the SELinux error.

I had the user's home dir automatically created when I was testing that the
account was working.

ssh user2@mail02.example.com... etc

For some reason, the SELinux context of the user's homedir is set to
home_root_t instead of user_home_dir_t.

Once a restorecon was run on /home (restorecon -R /home) the SELinux
errors disappeared when accessing mail via imap.

I'll do a write-up of the details for the wiki so it is documented.


Dale



On 01/31/2012 04:40 PM, Dale Macartney wrote:
>
> thanks Siggi,
>
> I was just browsing past those mails from earlier today as well... I'll
> make those changes before it goes on the wiki.
>
>
>
> On 01/31/2012 04:37 PM, Sigbjorn Lie wrote:
> > On 01/31/2012 05:07 PM, Dale Macartney wrote:
> >>
> >> sed -i "s-#auth_krb5_keytab =-auth_krb5_keytab = /etc/krb5.keytab-g" /etc/dovecot/conf.d/10-auth.conf
> >>
>
> > Perhaps I could recommend to retrieve the imap/imaps keytabs into a
> > separate keytab file, and configure the auth_krb5_keytab config file
> > option in dovecot.conf to point to this file. This increases the
> > security by a tenfold as pointed out earlier in this thread.
>
>
>
> > Regards,
> > Siggi
>
>
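
Added example, not part of the original message or thread: a shell check that flags home directories carrying a type other than user_home_dir_t, the mislabelling described above, before IMAP access trips over it. The function names and the sample labels are constructed for illustration; on an SELinux host the input would come from GNU `stat -c '%C %n' /home/*`.

```shell
#!/bin/sh
# Report home directories whose SELinux type is not user_home_dir_t.
# Input format: one "<context> <path>" pair per line, as printed by
#   stat -c '%C %n' /home/*     (GNU coreutils, SELinux-enabled host)

EXPECTED_TYPE=user_home_dir_t

# Print the type (third colon-separated field) of a context such as
# unconfined_u:object_r:home_root_t:s0
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read "<context> <path>" lines on stdin and print "<path> <type>" for each
# directory with an unexpected type. Returns 1 if any were found, else 0.
find_mislabelled_homes() {
    rc=0
    while read -r ctx path; do
        [ -n "$ctx" ] || continue          # skip blank lines
        setype=$(context_type "$ctx")
        if [ "$setype" != "$EXPECTED_TYPE" ]; then
            printf '%s %s\n' "$path" "$setype"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input: user2's directory has the wrong label from the thread.
sample_labels() {
    cat <<'EOF'
unconfined_u:object_r:user_home_dir_t:s0 /home/user1
unconfined_u:object_r:home_root_t:s0 /home/user2
EOF
}

# Demo on the sample data; on a live host use:
#   stat -c '%C %n' /home/* | find_mislabelled_homes
if ! sample_labels | find_mislabelled_homes; then
    echo "mislabelled home directories found; relabel with: restorecon -R /home"
fi
```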
