I have just migrated my Kerberos setup to a new machine (running inside
Xen) and it is complaining at startup about the file contexts not being
correct, even after running /sbin/fixfiles. On the previous machine I'm
sure I had set SELinux to permissive and that's why it never complained.
Here are the contexts *after* running /sbin/fixfiles -R krb5-server
restore
# ls -AlZ /var/kerberos/krb5kdc/
-rw------- root root
system_u:object_r:krb5kdc_conf_t .k5.BEAV.VIRTUALXISTENZ.COM
-rw-r--r-- root root system_u:object_r:krb5kdc_conf_t kadm5.acl
-rw------- root root system_u:object_r:krb5kdc_conf_t kadm5.keytab
-rw-r--r-- root root system_u:object_r:krb5kdc_conf_t kdc.conf
-rw------- root root system_u:object_r:krb5kdc_principal_t principal
-rw------- root root system_u:object_r:krb5kdc_principal_t
principal.kadm5
-rw------- root root system_u:object_r:krb5kdc_principal_t
principal.kadm5.lock
-rw------- root root system_u:object_r:krb5kdc_principal_t principal.ok
I suspect the file permissions are slightly off and therefore it's not
correctly detecting the configuration files. How can I find out what
the owner/group/mode of the file should be? It seems like this would be
a simple thing, but at the moment it is escaping me...
--Tim
____________________________________________________________
< Look! A ladder! Maybe it leads to heaven, or a sandwich! >
------------------------------------------------------------
\
\ \
\ /\
( )
.( o ).