[Freeipa-devel] ipadb.so
Dmitri Pal
dpal at redhat.com
Tue Sep 10 00:54:17 UTC 2013
On 09/09/2013 12:49 PM, Mahmoud wrote:
> Hello Mr. Dmitri Pal
>
> Thank you very much for your help.
>
> I tried to change source code to have more option. It was difficult
> for me to understand FreeIPA source code. Hence, I decided to change
> Kerberos source code. I want to add more features to Kerberos. For
> example, I like to have two (or several) types of ticket expiration.
What do you mean by several types of ticket expiration?
Can you please give an example?
>
> Thanks
> Best regards
>
>
> On Mon, Sep 9, 2013 at 8:13 PM, Dmitri Pal <dpal at redhat.com
> <mailto:dpal at redhat.com>> wrote:
>
> On 09/09/2013 10:55 AM, Mahmoud wrote:
>> Hello,
>>
>> Thank you very much for your time and attention.
>>
>> I changed client side code (kinit.c) but it requires to change
>> all clients. Now, I decided to change server side code.
>
> It seems that you should try to contribute code upstream if you
> want to end up with any kind of support of your enhancements,
> otherwise you would have to maintain your own version.
>
>
>> I thought it may be better choice. Should I change policy.c file
>> to change ticket policies?
>
> What policies do you want to change and why? You might have
> described your intent on some other thread in some other list but
> not here.
>
>
>> It does not require recompiling krb5kdc?
>
> I suspect it does...
>
>
>> I install FreeIPA on Fedora 18, When I execute klist -V command,
>> hence get following result:
>> Kerberos 5 version 1.10.3
>>
> Fedora 19 has 1.11
>
> IMO the best would be to have a details explanation of what you
> are trying to accomplish.
> This way we would be able to help you with the right approach.
> But it seems that building custom code might not be best option.
>
> Thanks
> Dmitri
>
>
>> Best regards.
>>
>> On Mon, Sep 9, 2013 at 6:00 PM, Simo Sorce <simo at redhat.com
>> <mailto:simo at redhat.com>> wrote:
>>
>> On Mon, 2013-09-09 at 08:07 +0430, Mahmoud wrote:
>> > Hello Simo
>> >
>> >
>> > The previous problem occurred due to installing
>> krb5-1.11.3. I install
>> > krb5-1.10.6 and copy ipadb.so in appropriate directory,
>> hence the
>> > problem has been solved. Is it all right?
>>
>>
>> No it is not, we require 1.11.3 for OTP support in the latest
>> FreeIPA.
>>
>> Seriously, chaingin the KDC is the last thing you want to do
>> to solve
>> your problem.
>>
>> Have you looked into creating custom ticket policies for your
>> users ?
>>
>> Why do you need to change the KDC to do that ?
>>
>> Simo.
>> >
>> > Thank you.
>> >
>> > Best regards.
>> >
>> >
>> >
>> > On Mon, Sep 9, 2013 at 7:47 AM, Luke Howard <lukeh at padl.com
>> <mailto:lukeh at padl.com>> wrote:
>> >
>> > On 09/09/2013, at 1:08 PM, Mahmoud
>> <gh.mdgh at gmail.com <mailto:gh.mdgh at gmail.com>> wrote:
>> >
>> > > I thought FreeIpa uses krb5-1.10.3, but I use
>> klist -V get
>> > following result:
>> > > Kerberos 5 version 1.10.3
>> >
>> >
>> > Aren't these the same thing?
>> >
>> > -- Luke
>> >
>> >
>>
>>
>> --
>> Simo Sorce * Red Hat, Inc * New York
>>
>>
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com <mailto:Freeipa-devel at redhat.com>
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/ <http://www.redhat.com/carveoutcosts/>
>
>
>
> _______________________________________________
> Freeipa-devel mailing list
> Freeipa-devel at redhat.com <mailto:Freeipa-devel at redhat.com>
> https://www.redhat.com/mailman/listinfo/freeipa-devel
>
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130909/b44ffa66/attachment.htm>
More information about the Freeipa-devel
mailing list