KDCproxy - SELinux Tip(14 Sep 2017)
A quick tip for anyone who might be experiencing a strange issue when attempting to leverage Red Hat's IdM KDCproxy functionality. In a recently deployment which required segmentation of RHEL7.2 nodes in a DMZ, there was a requirement for allowing authentication access via an internal KDC. This was a perfect use case for leveraging the KDCproxy functionality. Since SSSD was calling the kdc_child process, which attempts to access the KDC over HTTPS, I was finding some strange behavior in which access was being denied by SSSD when testing authentication to the internal KDC.