On Thu, 2012-03-08 at 21:27 +0000, Steven Jones wrote: > Hi, > > I used ipa-client-install --mkhomedir > > How do I change that so it will do so properly? > > regards > > Steven Jones > > Technical Specialist - Linux RHCE > > Victoria University, Wellington, NZ > > 0064 4 463 6272 > > ________________________________________ > From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on > behalf of Stephen Gallagher [sgall...@redhat.com] > Sent: Friday, 9 March 2012 9:43 a.m. > To: firstname.lastname@example.org > Subject: Re: [Freeipa-users] IPA clashing with selinux on users home > directories > > On Thu, 2012-03-08 at 20:14 +0000, Steven Jones wrote: > > Hi, > > > > I am setting up some IPA users what I have noticed is if I or they type > > startx to start a gui locking the .Xauthority fails, if I setenforce 0 > > then it works fine.....I have never seen this behaviour before and > > googling suggests its an IPA and selinux conflict. > > > > and in fact when I create a local user they get an instant gui from > > running startx... > > > > I'm guessing you're creating your home directories with the help of > pam_mkhomedir.so. This won't work with SELinux. You need to install and > use pam_oddjob_mkhomedir.so instead, which will properly set up SELinux > contexts for your users.
If you install oddjob_homedir before running ipa-client-install then it should pick that up automatically. We already have a patch upstream to require oddjob-mkhomedir at rpm install. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipaemail@example.com https://www.redhat.com/mailman/listinfo/freeipa-users