Comments on: cyrus-imapd and GSSAPI authentication http://www.atreides.org.uk/blog/2007/03/03/cyrus-imapd-and-gssapi-authentication/ Μη μου τους κύκλους τάρατε Thu, 15 Mar 2007 01:23:03 +0000 http://wordpress.org/?v=2.8.6 hourly 1 By: Kostas Georgiou http://www.atreides.org.uk/blog/2007/03/03/cyrus-imapd-and-gssapi-authentication/comment-page-1/#comment-6 Kostas Georgiou Thu, 15 Mar 2007 01:23:03 +0000 http://www.atreides.org.uk/blog/2007/03/03/cyrus-imapd-and-gssapi-authentication/#comment-6 I forgot to switch selinux to enforcing in my last tests so I just found out that I also need to allow access to krb5.conf from cyrus-imapd <a href="https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232372" rel="nofollow">#232372</a> I suspect I am going to need similar modules for other services... <code>module mycyrusimapd 1.0.0; require { class dir search; class file { read getattr }; type cyrus_t; type krb5_conf_t; role system_r; }; allow cyrus_t krb5_conf_t:file read; allow cyrus_t krb5_conf_t:file getattr; </code> I forgot to switch selinux to enforcing in my last tests so I just found out that I also need to allow access to krb5.conf from cyrus-imapd #232372

I suspect I am going to need similar modules for other services…
module mycyrusimapd 1.0.0;
require {
class dir search;
class file { read getattr };
type cyrus_t;
type krb5_conf_t;
role system_r;
};
allow cyrus_t krb5_conf_t:file read;
allow cyrus_t krb5_conf_t:file getattr;

]]> By: Kostas Georgiou http://www.atreides.org.uk/blog/2007/03/03/cyrus-imapd-and-gssapi-authentication/comment-page-1/#comment-3 Kostas Georgiou Sun, 04 Mar 2007 00:46:12 +0000 http://www.atreides.org.uk/blog/2007/03/03/cyrus-imapd-and-gssapi-authentication/#comment-3 And of course it was me that somehow managed to get my keytabs out of sync with the krb server. And of course it was me that somehow managed to get my keytabs out of sync with the krb server.

]]>