Grant /usr/sbin/ipa_kpasswd "name_bind" access.

Requires selinux-policy-3.6.32-123 on F12
Requires selinux-policy-3.7.19-40 on F13

ticket 73

ipa.spec.in

@@ -85,7 +85,9 @@ Requires: python-krbV
 Requires: acl
 Requires: python-pyasn1 >= 0.0.9a
 Requires: libcap
-%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
+%{?fc12:Requires: selinux-policy >= 3.6.32-123}
+%{?fc13:Requires: selinux-policy >= 3.7.19-40}
+%if 0%{?fedora} >= 14 || 0%{?rhel} >= 6
 Requires: selinux-policy
 %endif
 Requires(post): selinux-policy-base

selinux/ipa_kpasswd/ipa_kpasswd.te

@@ -69,3 +69,11 @@ require {
 };
 
 allow ipa_kpasswd_t krb5kdc_conf_t:dir search_dir_perms;
+
+optional_policy(`
+    gen_require(`
+             type kerberos_password_port_t;
+    ')
+    corenet_tcp_bind_kerberos_password_port(ipa_kpasswd_t)
+')
+