On 08/04/2014 01:36 AM, Nordgren, Bryce L -FS wrote: > Spoke too soon. I needed the following "extra" selinux policy module to make > all the AVCs go away. > > BTW: the instructions on http://www.freeipa.org/page/PKI really only work if > you leave the password blank when you create a new database with certutil. > Otherwise, the "ipa-getcert request" command creates tracking requests which > get stuck. Databases with passwords cause certmonger to error with a "Cert > storage slot still needs user PIN to be set.." This took me a couple of hours > to track down.
Hmm, sorry for incomplete instructions then. I updated the instructions to cope with that situation better (details in https://fedorahosted.org/freeipa/ticket/4466#comment:2). Please feel free to report more findings or even better help us enhance the page even further :-) HTH, Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
