Why IPA client creates home directory with wrong SELinux context when pam_mkhomedir.so is used ?

Solution Verified - Updated -

Issue

  • We are using FreeIPA to centrally manage users. These users logon with SSH to servers. Client servers are added to FreeIPA domain using command "ipa-client-install --mkhomedir" so that PAM creates new home directory for them on first logon but new home directories has wrong SELinux context like this:
[root@example home]# ls -laZ .
drwxr-xr-x. root       root       system_u:object_r:home_root_t:s0 .
dr-xr-xr-x. root       root       system_u:object_r:root_t:s0      ..
drwxr-xr-x. username username unconfined_u:object_r:home_root_t:s0 username
  • Why IPA client creates home directory with wrong SELinux context when pam_mkhomedir.so is used ?

Environment

  • Red Hat Enterprise Linux 6
  • IPA client
  • pam_mkhomedir.so

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.