[Freeipa-devel] [PATCH] krb 1.12's OTP-Over-RADIUS

Simo Sorce simo at redhat.com
Thu Apr 11 22:34:37 UTC 2013 

On Thu, 2013-04-11 at 16:49 -0400, Nathaniel McCallum wrote:
> On Thu, 2013-04-11 at 14:35 -0400, Simo Sorce wrote:
> > On Thu, 2013-04-11 at 14:12 -0400, Nathaniel McCallum wrote:
> > > On Wed, 2013-04-10 at 15:35 -0400, Rob Crittenden wrote:
> > > > I'm not sure how I'd test it if I got it built.
> > > 
> > > I'm working on this. I hope to have a clear answer next week. Bear with
> > > me...
> > > 
> > > > Overall looks really good.
> > > 
> > > I've split up the patch into multiple commits. I've also added .update
> > > files and a patch for ipa-kdb to feed krb5 the right user string.
> > > 
> > > https://github.com/npmccallum/freeipa/commits/otp
> > > 
> > > Please take a look. I *think* I've got everything worked out so far with
> > > the exception of bug numbers / urls. Should every patch have a separate
> > > bug and a link to the design page?
> > 
> > Please do not do a search of the global tree in ipadb_parse_otp(), it
> > would cause an additional search at every lookup and this path is
> > already too slow for the common case.
> > 
> > Add the search for global data in ipa_get_global_configs() (ipa_kdb.c)
> > and make the information available through the global context.
> 
> Thanks, I forgot to ask about this. I pushed a fix. The only extra
> network/query cost now during getprinc is just a single (multi-value)
> attribute on the user entry.
> 
> > Also I am correct that the last patch makes configure fail if systemd is
> > not available ?
> > It should be possible to build on systems that do not use systemd.
> 
> I thought we depended on systemd now. Being buildable without systemd
> will take some more work (I'll have to implement all the daemonizing
> code or use something like xinetd).

There has been some (slow) work on allowing to build FreeIPA on other
systems (debian based) and a systemd dependency would make it harder.

We do not really have a dependency on systemd, but if it is a lot more
work then I guess we can simply open a ticket about it being an issue
and defer, maybe by the time we get around to doing something about it
all other distribution will have fallen in line after all.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

More information about the Freeipa-devel mailing list