https://bugzilla.novell.com/show_bug.cgi?id=846586
https://bugzilla.novell.com/show_bug.cgi?id=846586#c15
--- Comment #15 from lynn wilson 2013-11-02 07:14:58 UTC ---
Re: apparmor in a domain:
http://lists.opensuse.org/opensuse-factory/2013-11/msg00036.html
Please could we recognise that samba is often used as a domain file server and
add:
/var/lib/sss/mc/passwd read (r)
/var/lib/sss/pubconf/kdcinfo.$KRB5.REALM read (r)
/etc/krb5.keytab lock (k)
to the profile for:
/usr/sbin/smbd
I include the sssd files since I assumed that openSUSE now prefers it over pam
ldap and nss ldap (e.g. they changed from those to sssd for their YaST ldap
config).
The $KRB5.REALM is not a real enviromnent variable but can easily be obtained
from sssd.conf or krb5.conf.
There's another problem here since sssd does not need /etc/krb5.conf to be
present so apparmor looks for it and will never find it.
Do we have any dev who works with Samba in a domain?
Thanks so much for your help.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.