[Freeipa-users] Centos7, selinux, certmonger, and openldap

Martin Kosek mkosek at redhat.com
Mon Aug 4 11:35:54 UTC 2014


On 08/04/2014 01:36 AM, Nordgren, Bryce L -FS wrote:
> Spoke too soon. I needed the following "extra" selinux policy module to make all the AVCs go away.
> 
> BTW: the instructions on http://www.freeipa.org/page/PKI really only work if you leave the password blank when you create a new database with certutil. Otherwise, the "ipa-getcert request" command creates tracking requests which get stuck. Databases with passwords cause certmonger to error with a "Cert storage slot still needs user PIN to be set.." This took me a couple of hours to track down.

Hmm, sorry for the incomplete instructions then. I updated the instructions to cope
with that situation better (details in
https://fedorahosted.org/freeipa/ticket/4466#comment:2). Please feel free to
report more findings or, even better, help us enhance the page even further :-)

HTH,
Martin



