On Tue, 2012-01-31 at 18:22 +0000, Dale Macartney wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > All > > I just found the culprit for the selinux error > > I have the user's home dir automatically created when I was testing > the account was working. > > ssh us...@mail02.example.com... etc > > for some reason, the selinux context of the users homedir is set to > home_root_t instead of user_home_dir_t.
If you use pam_mkhomedir I suggest changing to use pam_oddjob_mkhomedir The seocnd one can properly deal with SELinux labeling on creation. > once a restorecon was run on /home (restorecon -R /home) the selinux > errors disappeared when accessing mail via imap. > > I'll do a write up of the details for the wiki so it is documented. > > > Dale > > > > On 01/31/2012 04:40 PM, Dale Macartney wrote: > > > > thanks Siggi, > > > > I was just browsing past those mails from earlier today as well... > I'll > > make those changes before it goes on the wiki. > > > > > > > > On 01/31/2012 04:37 PM, Sigbjorn Lie wrote: > > > On 01/31/2012 05:07 PM, Dale Macartney wrote: > > >> > > >> sed -i "s-#auth_krb5_keytab =-auth_krb5_keytab > = /etc/krb5.keytab-g" > > >> /etc/dovecot/conf.d/10-auth.conf > > >> > > > > > Perhaps I could recommend to retreive the imap/imaps keytabs into > a > > seperate keytab file, and configure the auth_krb5_keytab config file > > option in dovecot.conf to point to this file. This increases the > > security by a tenfold as pointed out earlier in this thread. > > > > > > > > > Regards, > > > Siggi > > > > > _______________________________________________ > > > Freeipa-users mailing list > > > Freeipa-users@redhat.com > > > https://www.redhat.com/mailman/listinfo/freeipa-users > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQIcBAEBAgAGBQJPKDFpAAoJEAJsWS61tB+qmn4P/32sD+bJJWd2J8XjqFti6lC2 > BZhahWgYiEpfwgGX5B3YSwx7v6URq+dYdp0ZIYJFTAMitq6qDD8Y0wJ7bpd1zxb1 > GyVLDDBxkpzLOSFe21CqQVsWvOLU9AHlOWcT4AaKYU8M2s4XqyIqiY8WduAzJcen > l1Q2yryZ6uAYdpLsG4WHxu9WvfSE+85K0cvFlc302tVa/JyML40gsRueRN7gRAHa > zhPOu605ZgEP890CvP1jHN77hH7WU52MZqBJrscnFIbxEhuJtjMzXIPcGeJev+TR > aHiBzdGVsQUssFAL6B589l+Q3NxRSlU/zxCk9pERF3Ql8m/YPnlBiTdqa0Am3y6+ > PJF5ggmkDIeWCWuJwT9f1Rpm2zF/ooytnPlcIfm3hbETHFdzPjNBH52M/whXrCx6 > XdUw5Bk3sYkSdmrbgjqVY/gz+We3JzkWBPbiKf1I8DD7EOTT4lb5BNxsSKAslwZn > apbnIcTkMn9du22zIn5/o1iYbnUi52BEJkTj0ZNrmNDeVNMYA/A/ssUcC4ecEiql > aIDftfH+2sFvzDBIyB1eygibpcI2ILTy4J8gwLSAZyZ3oF65icnfTUldkqB/JBC8 > 6yVJKXMNIojTQo7NKaBJ3pDF1mALLzfXldGOqxudF7U7TlhGyvqA+SpTPxA9IM77 > qKHqWoOCfTci/4C+ncLn > =0kQn > -----END PGP SIGNATURE----- > > _______________________________________________ > Freeipa-users mailing list > Freeipa-users@redhat.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
