[Freeipa-devel] [PATCH 0036] Move ipa-otpd socket directory
Martin Kosek
mkosek at redhat.com
Tue Feb 11 08:50:50 UTC 2014
On 02/07/2014 06:09 PM, Nathaniel McCallum wrote:
> NOTE: Special care is required with this patch. Specifically, it needs
> to be synchronized with this patch: https://github.com/krb5/krb5/pull/45
>
> The background here is the desire of SELinux folks to move the sockets
> into /run. MIT has agreed to use the new runstatedir in autoconf git
> master (soon to be 2.70). This change has been applied upstream and will
> be part of the 1.13 release. The major downside is that this patch is
> backwards incompatible.
>
> In the interest of making backwards incompatible changes as quickly as
> possible before increased adoption, Nalin and I have agreed to backport
> this patch to rawhide. We are also strongly considering a backport to
> F20.
>
> Nathaniel
This worked for me in a F20 downstream scratch build, socket was on the assumed
place.
1) I think you should also update the upstream reference spec file so that the
updated KDC is required:
@@ -118,7 +119,7 @@ Requires: nss >= 3.14.3-12.0
Requires: nss-tools >= 3.14.3-12.0
%endif
%if 0%{?krb5_dal_version} >= 4
-Requires: krb5-server >= 1.11.2-1
+Requires: krb5-server >= 1.11.5-3
%else
%if 0%{krb5_dal_version} == 3
# krb5 1.11 bumped DAL interface major version, a rebuild is needed
2) What do you mean by "backwards incompatible"? That updated KDC won't work
with non-patched FreeIPA?
Just checking - upgrades should work fine, right? I.e. when both FreeIPA and
KRB5KDC is updated, OTP will keep working? No re-install needed?
Martin
More information about the Freeipa-devel
mailing list