On Thu, 2012-03-08 at 21:27 +0000, Steven Jones wrote:
> Hi,
> 
> I used ipa-client-install --mkhomedir
> 
> How do I change that so it will do so properly?
> 
> regards
> 
> Steven Jones
> 
> Technical Specialist - Linux RHCE
> 
> Victoria University, Wellington, NZ
> 
> 0064 4 463 6272
> 
> ________________________________________
> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
> behalf of Stephen Gallagher [sgall...@redhat.com]
> Sent: Friday, 9 March 2012 9:43 a.m.
> To: freeipa-users@redhat.com
> Subject: Re: [Freeipa-users] IPA clashing with selinux on users home 
> directories
> 
> On Thu, 2012-03-08 at 20:14 +0000, Steven Jones wrote:
> > Hi,
> >
> > I am setting up some IPA users what I have noticed is if I or they type
> > startx to start a gui locking the .Xauthority fails, if I setenforce 0
> > then it works fine.....I have never seen this behaviour before and
> > googling suggests its an IPA and selinux conflict.
> >
> > and in fact when I create a local user they get an instant gui from
> > running startx...
> >
> 
> I'm guessing you're creating your home directories with the help of
> pam_mkhomedir.so. This won't work with SELinux. You need to install and
> use pam_oddjob_mkhomedir.so instead, which will properly set up SELinux
> contexts for your users.

If you install oddjob_homedir before running ipa-client-install then it
should pick that up automatically.

We already have a patch upstream to require oddjob-mkhomedir at rpm
install.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to