<div dir="ltr"><div><div><div>Hello Mr. <span name="Dmitri Pal" class="">Dmitri Pal<br><br></span></div><span name="Dmitri Pal" class="">Thank you very much for your help.<br><br></span></div><div><span name="Dmitri Pal" class="">I tried to change source code to have more option. It was difficult for me to understand FreeIPA source code. Hence, I decided to change Kerberos source code. I want to add more features to Kerberos. For example, I like to have two (or several) types of ticket expiration.<br>
</span></div><span name="Dmitri Pal" class=""><br>Thanks<br></span></div><span name="Dmitri Pal" class="">Best regards<br></span></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Mon, Sep 9, 2013 at 8:13 PM, Dmitri Pal <span dir="ltr"><<a href="mailto:dpal@redhat.com" target="_blank">dpal@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><div class="im">
On 09/09/2013 10:55 AM, Mahmoud wrote:
<blockquote type="cite">
<div dir="ltr">
<div>
<div>Hello,<br>
<br>
</div>
Thank you very much for your time and attention.<br>
<br>
</div>
I changed client side code (kinit.c) but it requires to change
all clients. Now, I decided to change server side code.<br>
</div>
</blockquote>
<br></div>
It seems that you should try to contribute code upstream if you want
to end up with any kind of support of your enhancements, otherwise
you would have to maintain your own version.<div class="im"><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div class="gmail_extra">I thought it may be better
choice. Should I change policy.c file to change ticket
policies? </div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br></div>
What policies do you want to change and why? You might have
described your intent on some other thread in some other list but
not here.<div class="im"><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div class="gmail_extra">It does not require recompiling
krb5kdc?<br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br></div>
I suspect it does...<div class="im"><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div class="gmail_extra">I install FreeIPA on Fedora 18,
When I execute klist -V command, hence get following
result:<br>
Kerberos 5 version 1.10.3 <br>
</div>
<div class="gmail_extra"><br>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote></div>
Fedora 19 has 1.11<br>
<br>
IMO the best would be to have a details explanation of what you are
trying to accomplish.<br>
This way we would be able to help you with the right approach.<br>
But it seems that building custom code might not be best option.<br>
<br>
Thanks<br>
Dmitri<br>
<br>
<br>
<blockquote type="cite"><div class="im">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div class="gmail_extra">Best regards.<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Mon, Sep 9, 2013 at 6:00
PM, Simo Sorce <span dir="ltr"><<a href="mailto:simo@redhat.com" target="_blank">simo@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>On Mon, 2013-09-09 at 08:07 +0430, Mahmoud
wrote:<br>
> Hello Simo<br>
><br>
><br>
> The previous problem occurred due to
installing krb5-1.11.3. I install<br>
> krb5-1.10.6 and copy ipadb.so in
appropriate directory, hence the<br>
> problem has been solved. Is it all right?<br>
<br>
<br>
</div>
No it is not, we require 1.11.3 for OTP support in
the latest FreeIPA.<br>
<br>
Seriously, chaingin the KDC is the last thing you
want to do to solve<br>
your problem.<br>
<br>
Have you looked into creating custom ticket
policies for your users ?<br>
<br>
Why do you need to change the KDC to do that ?<br>
<span><font color="#888888"><br>
Simo.<br>
</font></span>
<div>><br>
> Thank you.<br>
><br>
> Best regards.<br>
><br>
><br>
><br>
> On Mon, Sep 9, 2013 at 7:47 AM, Luke Howard
<<a href="mailto:lukeh@padl.com" target="_blank">lukeh@padl.com</a>>
wrote:<br>
><br>
> On 09/09/2013, at 1:08 PM, Mahmoud
<<a href="mailto:gh.mdgh@gmail.com" target="_blank">gh.mdgh@gmail.com</a>>
wrote:<br>
><br>
> > I thought FreeIpa uses
krb5-1.10.3, but I use klist -V get<br>
> following result:<br>
> > Kerberos 5 version 1.10.3<br>
><br>
><br>
> Aren't these the same thing?<br>
><br>
> -- Luke<br>
><br>
><br>
<br>
<br>
</div>
<div>
<div>--<br>
Simo Sorce * Red Hat, Inc * New York<br>
<br>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<fieldset></fieldset>
<br>
</div><pre>_______________________________________________
Freeipa-devel mailing list
<a href="mailto:Freeipa-devel@redhat.com" target="_blank">Freeipa-devel@redhat.com</a>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-devel" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-devel</a></pre>
</blockquote><div class="im">
<br>
<br>
<pre cols="72">--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
<a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a>
</pre>
</div></div>
<br>_______________________________________________<br>
Freeipa-devel mailing list<br>
<a href="mailto:Freeipa-devel@redhat.com">Freeipa-devel@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-devel" target="_blank">https://www.redhat.com/mailman/listinfo/freeipa-devel</a><br></blockquote></div><br></div>