[Freeipa-devel] status of radius IPA work
Karl MacMillan
kmacmill at redhat.com
Mon Nov 5 14:45:34 UTC 2007
On Fri, 2007-11-02 at 16:54 -0400, John Dennis wrote:
> Phew, this has been a long week, I've made progress.
>
> The radius server is now able to perform a SASL bind to the IPA LDAP
> server using kerberos tickets obtained during the IPA install. Radiusd
> can also successfully perform LDAP queries. The major components of
> the work thus far have been:
>
> * authored radiusinstance.py which does the following:
> - installs a radius LDAP schema in the slapd instance
> - generates and installs the radiusd configuration file
> - generates and installs the kerberos radius service keytab
> - starts and stops the radiusd server
>
> * Modified the radius ldap module:
> - modified the autotool files to add configuration options
> for building with SASL2 and KRB5, these can be toggled on
> or off separately and the locations of the header files
> can be specified (often necessary because many distributions
> install these components in alternate locations or co-install
> different versions).
>
> All code additions properly #ifdef'ed by symbols defined by
> configure.
>
> Proper autotool support will be necessary for upstream
> acceptance.
>
> - added support for new options in the radiusd configuration file to
> handle ldap sasl and krb parameters.
>
> - added struct (object) to group all kerberos values into an
> 'instance'
>
> - added code to acquire the kerberos service ticket, track its
> expiration, and use it to perform a bind to the IPA LDAP server.
>
> - all code does proper initialization, shutdown with freeing and
> destroying of resources, debug tracing, and error handling in the
> context of the freeradius code.
>
When will you submit this work to freeradius? I'm wondering whether we
will know if these changes are acceptable to upstream before freeipa v1.
Karl