On 08/04/2014 01:36 AM, Nordgren, Bryce L -FS wrote:
> Spoke too soon. I needed the following "extra" selinux policy module to make 
> all the AVCs go away.
> 
> BTW: the instructions on http://www.freeipa.org/page/PKI really only work if 
> you leave the password blank when you create a new database with certutil. 
> Otherwise, the "ipa-getcert request" command creates tracking requests which 
> get stuck. Databases with passwords cause certmonger to error with a "Cert 
> storage slot still needs user PIN to be set.." This took me a couple of hours 
> to track down.

Hmm, sorry for incomplete instructions then. I updated the instructions to cope
with that situation better (details in
https://fedorahosted.org/freeipa/ticket/4466#comment:2). Please feel free to
report more findings or even better help us enhance the page even further :-)

HTH,
Martin

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to