Description of problem:
Red Hat Enterprise IPA installs and configures a KDC in its installation script. The KDC fails to start due to an SELinux problem: I get

type=AVC msg=audit(1208546129.121:35): avc: denied { create } for pid=4714 comm="krb5kdc" name="krb5kdc.log" scontext=root:system_r:krb5kdc_t:s0 tcontext=system_u:object_r:krb5kdc_log_t:s0 tclass=file

Version-Release number of selected component (if applicable):
krb5-server-1.6.1-24.el5
libselinux-python-1.33.4-4.el5
selinux-policy-targeted-2.4.6-133.el5
libselinux-1.33.4-4.el5
libselinux-1.33.4-4.el5
selinux-policy-2.4.6-133.el5
ipa-server-selinux-1.0.0-2.el5ipa

How reproducible:

Steps to Reproduce:
1. /usr/sbin/ipa-server-install

Actual results:
KDC restart will fail.

Note that if you create /var/log/krb5kdc.log and run restorecon on it then the KDC will work fine. Dan Walsh noted in 442981 that it will also start ok on a reboot.
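For triage, the AVC denial quoted in the report above can be broken into its fields to show which domain was refused which permission on which type. The parser below is an added example, not part of the original report or of any Red Hat tool; the function names (parse_avc, split_context, te_rule) are hypothetical.

```python
import re
from datetime import datetime, timezone

# The denial quoted in the report, used verbatim as sample input.
SAMPLE = (
    'type=AVC msg=audit(1208546129.121:35): avc: denied { create } for '
    'pid=4714 comm="krb5kdc" name="krb5kdc.log" '
    'scontext=root:system_r:krb5kdc_t:s0 '
    'tcontext=system_u:object_r:krb5kdc_log_t:s0 tclass=file'
)

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):\s*'
    r'avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)'
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def split_context(ctx):
    """Split user:role:type[:level]; the level may itself contain colons."""
    parts = (ctx.split(':', 3) + [None] * 4)[:4]
    return dict(zip(('user', 'role', 'type', 'level'), parts))


def parse_avc(line):
    """Return the record's fields as a dict, or None if it is not an AVC line."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None  # truncated record: contexts or class missing
    rec['result'] = m.group('result')
    rec['perms'] = m.group('perms').split()
    rec['serial'] = int(m.group('serial'))
    rec['time'] = datetime.fromtimestamp(float(m.group('epoch')), tz=timezone.utc)
    rec['source'] = split_context(rec['scontext'])
    rec['target'] = split_context(rec['tcontext'])
    return rec


def te_rule(rec):
    """Type-enforcement rule the denial corresponds to, for policy lookup."""
    perms = rec['perms']
    perm_s = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {rec['source']['type']} {rec['target']['type']}:{rec['tclass']} {perm_s};"


if __name__ == '__main__':
    rec = parse_avc(SAMPLE)
    print(rec['time'].isoformat(), rec['comm'], rec['result'], te_rule(rec))
```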
We have the related bug 442981 blocking our ipa 1.0 beta ...
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2008-0465.html