[Freeipa-devel] ipadb.so

Mahmoud gh.mdgh at gmail.com
Mon Sep 9 16:49:22 UTC 2013 

Hello Mr. Dmitri Pal

Thank you very much for your help.

I tried to change source code to have more option. It was difficult for me
to understand FreeIPA source code. Hence, I decided to change Kerberos
source code. I want to add more features to Kerberos. For example, I like
to have two (or several) types of ticket expiration.

Thanks
Best regards


On Mon, Sep 9, 2013 at 8:13 PM, Dmitri Pal <dpal at redhat.com> wrote:

>  On 09/09/2013 10:55 AM, Mahmoud wrote:
>
>  Hello,
>
>  Thank you very much for your time and attention.
>
>  I changed client side code (kinit.c) but it requires to change all
> clients. Now, I decided to change server side code.
>
>
> It seems that you should try to contribute code upstream if you want to
> end up with any kind of support of your enhancements, otherwise you would
> have to maintain your own version.
>
>
>    I thought it may be better choice. Should I change policy.c file to
> change ticket policies?
>
>
> What policies do you want to change and why? You might have described your
> intent on some other thread in some other list but not here.
>
>
>    It does not require recompiling krb5kdc?
>
>
> I suspect it does...
>
>
>    I install FreeIPA on Fedora 18, When I execute klist -V command, hence
> get following result:
> Kerberos 5 version 1.10.3
>
>     Fedora 19 has 1.11
>
> IMO the best would be to have a details explanation of what you are trying
> to accomplish.
> This way we would be able to help you with the right approach.
> But it seems that building custom code might not be best option.
>
> Thanks
> Dmitri
>
>
>    Best regards.
>
> On Mon, Sep 9, 2013 at 6:00 PM, Simo Sorce <simo at redhat.com> wrote:
>
>> On Mon, 2013-09-09 at 08:07 +0430, Mahmoud wrote:
>> > Hello Simo
>> >
>> >
>> > The previous problem occurred due to installing krb5-1.11.3. I install
>> > krb5-1.10.6 and copy ipadb.so in appropriate directory, hence the
>> > problem has been solved. Is it all right?
>>
>>
>>  No it is not, we require 1.11.3 for OTP support in the latest FreeIPA.
>>
>> Seriously, chaingin the KDC is the last thing you want to do to solve
>> your problem.
>>
>> Have you looked into creating custom ticket policies for your users ?
>>
>> Why do you need to change the KDC to do that ?
>>
>> Simo.
>>  >
>> > Thank you.
>> >
>> > Best regards.
>> >
>> >
>> >
>> > On Mon, Sep 9, 2013 at 7:47 AM, Luke Howard <lukeh at padl.com> wrote:
>> >
>> >         On 09/09/2013, at 1:08 PM, Mahmoud <gh.mdgh at gmail.com> wrote:
>> >
>> >         > I thought FreeIpa uses krb5-1.10.3, but I use klist -V get
>> >         following result:
>> >         > Kerberos 5 version 1.10.3
>> >
>> >
>> >         Aren't these the same thing?
>> >
>> >         -- Luke
>> >
>> >
>>
>>
>>  --
>> Simo Sorce * Red Hat, Inc * New York
>>
>>
>
>
> _______________________________________________
> Freeipa-devel mailing listFreeipa-devel at redhat.comhttps://www.redhat.com/mailman/listinfo/freeipa-devel
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?www.redhat.com/carveoutcosts/
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130909/c11b91fa/attachment.htm>

More information about the Freeipa-devel mailing list