[Freeipa-devel] ipadb.so

Dmitri Pal dpal at redhat.com
Tue Sep 10 00:54:17 UTC 2013 

On 09/09/2013 12:49 PM, Mahmoud wrote:
> Hello Mr. Dmitri Pal
>
> Thank you very much for your help.
>
> I tried to change source code to have more option. It was difficult
> for me to understand FreeIPA source code. Hence, I decided to change
> Kerberos source code. I want to add more features to Kerberos. For
> example, I like to have two (or several) types of ticket expiration.

What do you mean by several types of ticket expiration?
Can you please give an example?

>
> Thanks
> Best regards
>
>
> On Mon, Sep 9, 2013 at 8:13 PM, Dmitri Pal <dpal at redhat.com
> <mailto:dpal at redhat.com>> wrote:
>
>     On 09/09/2013 10:55 AM, Mahmoud wrote:
>>     Hello,
>>
>>     Thank you very much for your time and attention.
>>
>>     I changed client side code (kinit.c) but it requires to change
>>     all clients. Now, I decided to change server side code.
>
>     It seems that you should try to contribute code upstream if you
>     want to end up with any kind of support of your enhancements,
>     otherwise you would have to maintain your own version.
>
>
>>     I thought it may be better choice. Should I change policy.c file
>>     to change ticket policies?
>
>     What policies do you want to change and why? You might have
>     described your intent on some other thread in some other list but
>     not here.
>
>
>>     It does not require recompiling krb5kdc?
>
>     I suspect it does...
>
>
>>     I install FreeIPA on Fedora 18, When I execute klist -V command,
>>     hence get following result:
>>     Kerberos 5 version 1.10.3
>>
>     Fedora 19 has 1.11
>
>     IMO the best would be to have a details explanation of what you
>     are trying to accomplish.
>     This way we would be able to help you with the right approach.
>     But it seems that building custom code might not be best option.
>
>     Thanks
>     Dmitri
>
>
>>     Best regards.
>>
>>     On Mon, Sep 9, 2013 at 6:00 PM, Simo Sorce <simo at redhat.com
>>     <mailto:simo at redhat.com>> wrote:
>>
>>         On Mon, 2013-09-09 at 08:07 +0430, Mahmoud wrote:
>>         > Hello Simo
>>         >
>>         >
>>         > The previous problem occurred due to installing
>>         krb5-1.11.3. I install
>>         > krb5-1.10.6 and copy ipadb.so in appropriate directory,
>>         hence the
>>         > problem has been solved. Is it all right?
>>
>>
>>         No it is not, we require 1.11.3 for OTP support in the latest
>>         FreeIPA.
>>
>>         Seriously, chaingin the KDC is the last thing you want to do
>>         to solve
>>         your problem.
>>
>>         Have you looked into creating custom ticket policies for your
>>         users ?
>>
>>         Why do you need to change the KDC to do that ?
>>
>>         Simo.
>>         >
>>         > Thank you.
>>         >
>>         > Best regards.
>>         >
>>         >
>>         >
>>         > On Mon, Sep 9, 2013 at 7:47 AM, Luke Howard <lukeh at padl.com
>>         <mailto:lukeh at padl.com>> wrote:
>>         >
>>         >         On 09/09/2013, at 1:08 PM, Mahmoud
>>         <gh.mdgh at gmail.com <mailto:gh.mdgh at gmail.com>> wrote:
>>         >
>>         >         > I thought FreeIpa uses krb5-1.10.3, but I use
>>         klist -V get
>>         >         following result:
>>         >         > Kerberos 5 version 1.10.3
>>         >
>>         >
>>         >         Aren't these the same thing?
>>         >
>>         >         -- Luke
>>         >
>>         >
>>
>>
>>         --
>>         Simo Sorce * Red Hat, Inc * New York
>>
>>
>>
>>
>>     _______________________________________________
>>     Freeipa-devel mailing list
>>     Freeipa-devel at redhat.com <mailto:Freeipa-devel at redhat.com>
>>     https://www.redhat.com/mailman/listinfo/freeipa-devel
>
>
>     -- 
>     Thank you,
>     Dmitri Pal
>
>     Sr. Engineering Manager for IdM portfolio
>     Red Hat Inc.
>
>
>     -------------------------------
>     Looking to carve out IT costs?
>     www.redhat.com/carveoutcosts/ <http://www.redhat.com/carveoutcosts/>
>
>
>
>     _______________________________________________
>     Freeipa-devel mailing list
>     Freeipa-devel at redhat.com <mailto:Freeipa-devel at redhat.com>
>     https://www.redhat.com/mailman/listinfo/freeipa-devel
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130909/b44ffa66/attachment.htm>

More information about the Freeipa-devel mailing list