[Freeipa-devel] ipadb.so
Mahmoud
gh.mdgh at gmail.com
Mon Sep 9 16:49:22 UTC 2013
Hello Mr. Dmitri Pal
Thank you very much for your help.
I tried to change source code to have more option. It was difficult for me
to understand FreeIPA source code. Hence, I decided to change Kerberos
source code. I want to add more features to Kerberos. For example, I like
to have two (or several) types of ticket expiration.
Thanks
Best regards
On Mon, Sep 9, 2013 at 8:13 PM, Dmitri Pal <dpal at redhat.com> wrote:
> On 09/09/2013 10:55 AM, Mahmoud wrote:
>
> Hello,
>
> Thank you very much for your time and attention.
>
> I changed client side code (kinit.c) but it requires to change all
> clients. Now, I decided to change server side code.
>
>
> It seems that you should try to contribute code upstream if you want to
> end up with any kind of support of your enhancements, otherwise you would
> have to maintain your own version.
>
>
> I thought it may be better choice. Should I change policy.c file to
> change ticket policies?
>
>
> What policies do you want to change and why? You might have described your
> intent on some other thread in some other list but not here.
>
>
> It does not require recompiling krb5kdc?
>
>
> I suspect it does...
>
>
> I install FreeIPA on Fedora 18, When I execute klist -V command, hence
> get following result:
> Kerberos 5 version 1.10.3
>
> Fedora 19 has 1.11
>
> IMO the best would be to have a details explanation of what you are trying
> to accomplish.
> This way we would be able to help you with the right approach.
> But it seems that building custom code might not be best option.
>
> Thanks
> Dmitri
>
>
> Best regards.
>
> On Mon, Sep 9, 2013 at 6:00 PM, Simo Sorce <simo at redhat.com> wrote:
>
>> On Mon, 2013-09-09 at 08:07 +0430, Mahmoud wrote:
>> > Hello Simo
>> >
>> >
>> > The previous problem occurred due to installing krb5-1.11.3. I install
>> > krb5-1.10.6 and copy ipadb.so in appropriate directory, hence the
>> > problem has been solved. Is it all right?
>>
>>
>> No it is not, we require 1.11.3 for OTP support in the latest FreeIPA.
>>
>> Seriously, chaingin the KDC is the last thing you want to do to solve
>> your problem.
>>
>> Have you looked into creating custom ticket policies for your users ?
>>
>> Why do you need to change the KDC to do that ?
>>
>> Simo.
>> >
>> > Thank you.
>> >
>> > Best regards.
>> >
>> >
>> >
>> > On Mon, Sep 9, 2013 at 7:47 AM, Luke Howard <lukeh at padl.com> wrote:
>> >
>> > On 09/09/2013, at 1:08 PM, Mahmoud <gh.mdgh at gmail.com> wrote:
>> >
>> > > I thought FreeIpa uses krb5-1.10.3, but I use klist -V get
>> > following result:
>> > > Kerberos 5 version 1.10.3
>> >
>> >
>> > Aren't these the same thing?
>> >
>> > -- Luke
>> >
>> >
>>
>>
>> --
>> Simo Sorce * Red Hat, Inc * New York
>>
>>
>
>
> _______________________________________________
> Freeipa-devel mailing listFreeipa-devel at redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-devel
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130909/c11b91fa/attachment.htm>
More information about the Freeipa-devel
mailing list