Policy for authenticating domain users
Daniel J Walsh
dwalsh at redhat.com
Tue Feb 16 17:11:15 UTC 2010
On 02/15/2010 01:27 PM, Scott Salley wrote:
> I'm working on a set of patches to integrate Likewise Open (Active
> Directory authentication for Unix/Linux/Mac) into Fedora/SELinux.
>
>
>
> I am having trouble defining how a user's home directory should be
> handled.
>
>
>
> We don't place users directly in /home as the domain user account name
> may conflict with an existing account. Instead, we use /home/%D/%U
> where %D is the domain and %U is the user account. (We may have users
> with the same account name in different domains.)
>
>
>
> I want to make sure that if users are joined while SELinux is not
> enabled, and then SELinux is re-enabled, the files get the proper
> contexts.
>
>
>
> Suggestions?
>
>
>
>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
Do you know the name of all domains?
In Fedora 12
for d in $DOMAINS; do
semanage fcontext -a -e /home /home/$d
done
More information about the selinux
mailing list