kerberos and selinux

Chris Hecker checker at
Thu May 23 02:23:40 EDT 2013

I run with SELinux enabled, and krb5kdc and kadmin both want read access 
to /etc/pki/tls on startup.  I'm using ldaps as the protocol for talking 
to slapd, is this why?  This is on CentOS 5, which I know is a bit old.

My KDC and kadmin work fine without allowing this access, and there's 
nothing in krb5kdc.log or kadmind.log, just the AVCs in audit.log.

Should I enable these guys to read cert_t files, or should I ignore 
them?  If the latter, is there a configuration setting for making them 
stop trying the directory?
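Triage for the denials described above, as an added shell example that is not part of the original post: it parses constructed sample AVC lines of the kind audit.log records, summarises them per source domain, target type, class and permission, and emits either dontaudit rules (silence the noise without granting access, the fitting choice when the daemons work anyway) or allow rules. The timestamps, PIDs and inode numbers are made up, and the domain names krb5kdc_t and kadmind_t are assumed from the SELinux reference policy.

```shell
#!/bin/sh
# Constructed sample AVC lines (not a real audit.log capture).
SAMPLE_AVC='type=AVC msg=audit(1369290000.123:45): avc:  denied  { read } for  pid=1234 comm="krb5kdc" name="tls" dev=sda1 ino=5678 scontext=system_u:system_r:krb5kdc_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir
type=AVC msg=audit(1369290001.456:46): avc:  denied  { read } for  pid=1240 comm="kadmind" name="tls" dev=sda1 ino=5678 scontext=system_u:system_r:kadmind_t:s0 tcontext=system_u:object_r:cert_t:s0 tclass=dir'

# Read AVC lines on stdin; print one unique line per
# "<source type> <target type> <class> <permissions>".
summarize_avc() {
  awk '/avc: +denied/ {
    # permissions are the text between the braces
    match($0, /[{][^}]*[}]/)
    perms = substr($0, RSTART + 1, RLENGTH - 2)
    gsub(/^ +| +$/, "", perms)
    # pick the key=value fields we need
    for (i = 1; i <= NF; i++) {
      split($i, kv, "=")
      if (kv[1] == "scontext") s = kv[2]
      if (kv[1] == "tcontext") t = kv[2]
      if (kv[1] == "tclass")   c = kv[2]
    }
    split(s, sa, ":"); split(t, ta, ":")   # third field is the type
    print sa[3], ta[3], c, perms
  }' | sort -u
}

# Turn the summary into TE rules. mode is "dontaudit" (suppress the AVC,
# no new access) or "allow" (grant it). The output is the body of a .te
# module to be built with checkmodule/semodule_package and loaded with
# semodule; add a matching require { } block for the types and classes.
policy_rules() {
  mode="$1"
  summarize_avc | awk -v m="$mode" '{
    printf "%s %s %s:%s { %s };\n", m, $1, $2, $3, $4
  }'
}

# Example run on the constructed sample.
printf '%s\n' "$SAMPLE_AVC" | policy_rules dontaudit
```

On a live system, feed it real records instead, e.g. `ausearch -m avc -c krb5kdc -c kadmind | policy_rules dontaudit`.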
