[root@replicahostname ~]# sestatus
SELinux status: disabled
[root@replicahostname ~]# audit2why -b -w -t avc
[root@replicahostname ~]#
Nothing in the audit log after audit2why came back either.
Thank You,
Rashard Kelly
From: Alexander Bokovoy <aboko...@redhat.com>
To: rashard.ke...@sita.aero
Cc: Sumit Bose <sb...@redhat.com>, freeipa-users@redhat.com
Date: 04/11/2014 09:06 AM
Subject: Re: [Freeipa-users] ipa: ERROR: did not receive Kerberos
credentials
On Fri, 11 Apr 2014, rashard.ke...@sita.aero wrote:
>futex(0x7f0e2e1462c0, FUTEX_WAKE_PRIVATE, 2147483647) = 0
>open("/tmp/krb5cc_1599100000_CUkupo", O_RDONLY) = -1 EACCES (Permission
>denied)
Are you sure you don't have SELinux really running and enabled?
Because the following output makes me really worry:
>> [root@replicahostname /tmp]# ll -Za
>> drwxrwxrwt. root root system_u:object_r:tmp_t:s0 .
>> dr-xr-xr-x. root root system_u:object_r:root_t:s0 ..
>> -rw------- rkelly rkelly ? .bash_history
>> drwxrwxrwt root root ? .ICE-unix
>> drwxrwxr-x rkelly rkelly ? .ipa
>> -r-------- root root ? krb5cc_0
>> -r-------- xs05144 xs05144 ? krb5cc_1599000020_u5RRhd
>> -r-------- rkelly rkelly ? krb5cc_1599100000_CUkupo
>> -r-------- rkelly rkelly ? krb5cc_1599100000_ZekyY0
These rkelly:rkelly krb5cc_* files have no SELinux label and should be
readable to the owner.
Can you show:
[root] # sestatus
[root] # audit2why -b -w -t avc
--
/ Alexander Bokovoy
This document is strictly confidential and intended only for use by the
addressee unless otherwise stated. If you are not the intended recipient,
please notify the sender immediately and delete it from your system.
See you at 2014 Air Transport IT Summit, 17-19 June 2014
Click here to register http://www.sitasummit.aero
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
