Thanks, I can put that in Sat.
Technical Specialist - Linux RHCE
Victoria University, Wellington, NZ
0064 4 463 6272
From: Simo Sorce [s...@redhat.com]
Sent: Friday, 9 March 2012 10:35 a.m.
To: Steven Jones
Subject: Re: [Freeipa-users] IPA clashing with selinux on users home directories
On Thu, 2012-03-08 at 21:27 +0000, Steven Jones wrote:
> I used ipa-client-install --mkhomedir
> How do I change that so it will do so properly?
> Steven Jones
> Technical Specialist - Linux RHCE
> Victoria University, Wellington, NZ
> 0064 4 463 6272
> From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on
> behalf of Stephen Gallagher [sgall...@redhat.com]
> Sent: Friday, 9 March 2012 9:43 a.m.
> To: email@example.com
> Subject: Re: [Freeipa-users] IPA clashing with selinux on users home
> On Thu, 2012-03-08 at 20:14 +0000, Steven Jones wrote:
> > Hi,
> > I am setting up some IPA users what I have noticed is if I or they type
> > startx to start a gui locking the .Xauthority fails, if I setenforce 0
> > then it works fine.....I have never seen this behaviour before and
> > googling suggests its an IPA and selinux conflict.
> > and in fact when I create a local user they get an instant gui from
> > running startx...
> I'm guessing you're creating your home directories with the help of
> pam_mkhomedir.so. This won't work with SELinux. You need to install and
> use pam_oddjob_mkhomedir.so instead, which will properly set up SELinux
> contexts for your users.
If you install oddjob_homedir before running ipa-client-install then it
should pick that up automatically.
We already have a patch upstream to require oddjob-mkhomedir at rpm
Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list