Comments for Kostas' random thoughts http://www.atreides.org.uk/blog Μη μου τους κύκλους τάρατε Thu, 15 Mar 2007 01:23:03 +0000 http://wordpress.org/?v=2.8.6 hourly 1 Comment on cyrus-imapd and GSSAPI authentication by Kostas Georgiou http://www.atreides.org.uk/blog/2007/03/03/cyrus-imapd-and-gssapi-authentication/comment-page-1/#comment-6 Kostas Georgiou Thu, 15 Mar 2007 01:23:03 +0000 http://www.atreides.org.uk/blog/2007/03/03/cyrus-imapd-and-gssapi-authentication/#comment-6 I forgot to switch selinux to enforcing in my last tests so I just found out that I also need to allow access to krb5.conf from cyrus-imapd <a href="https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=232372" rel="nofollow">#232372</a> I suspect I am going to need similar modules for other services... <code>module mycyrusimapd 1.0.0; require { class dir search; class file { read getattr }; type cyrus_t; type krb5_conf_t; role system_r; }; allow cyrus_t krb5_conf_t:file read; allow cyrus_t krb5_conf_t:file getattr; </code> I forgot to switch selinux to enforcing in my last tests so I just found out that I also need to allow access to krb5.conf from cyrus-imapd #232372

I suspect I am going to need similar modules for other services…
module mycyrusimapd 1.0.0;
require {
class dir search;
class file { read getattr };
type cyrus_t;
type krb5_conf_t;
role system_r;
};
allow cyrus_t krb5_conf_t:file read;
allow cyrus_t krb5_conf_t:file getattr;

]]> Comment on cyrus-imapd and GSSAPI authentication by Kostas Georgiou http://www.atreides.org.uk/blog/2007/03/03/cyrus-imapd-and-gssapi-authentication/comment-page-1/#comment-3 Kostas Georgiou Sun, 04 Mar 2007 00:46:12 +0000 http://www.atreides.org.uk/blog/2007/03/03/cyrus-imapd-and-gssapi-authentication/#comment-3 And of course it was me that somehow managed to get my keytabs out of sync with the krb server. And of course it was me that somehow managed to get my keytabs out of sync with the krb server.

]]> Comment on OpenLDAP or Fedora Directory Server by Kostas Georgiou http://www.atreides.org.uk/blog/2007/02/06/openldap-or-fedora-directory-server/comment-page-1/#comment-2 Kostas Georgiou Sun, 18 Feb 2007 13:56:31 +0000 http://www.atreides.org.uk/blog/2007/02/06/openldap-or-fedora-directory-server/#comment-2 FDS is now available in fedora extras :) Unfortunately the rpm depencies aren't that simple which means that for the RHEL installs I'll stick with OpenLDAP since I can not afford the $$$ supported RedHat version and the rebuilding/testing of the srpms is going to require time that I don't have :( FDS is now available in fedora extras :) Unfortunately the rpm depencies aren’t that simple which means that for the RHEL installs I’ll stick with OpenLDAP since I can not afford the $$$
supported RedHat version and the rebuilding/testing of the srpms is going to require time that I don’t have :(

]]>