[Freeipa-devel] ipadb.so
Mahmoud
gh.mdgh at gmail.com
Mon Sep 9 14:55:51 UTC 2013
Hello,
Thank you very much for your time and attention.
I changed client side code (kinit.c) but it requires to change all clients.
Now, I decided to change server side code.
I thought it may be better choice. Should I change policy.c file to change
ticket policies? It does not require recompiling krb5kdc?
I install FreeIPA on Fedora 18, When I execute klist -V command, hence get
following result:
Kerberos 5 version 1.10.3
Best regards.
On Mon, Sep 9, 2013 at 6:00 PM, Simo Sorce <simo at redhat.com> wrote:
> On Mon, 2013-09-09 at 08:07 +0430, Mahmoud wrote:
> > Hello Simo
> >
> >
> > The previous problem occurred due to installing krb5-1.11.3. I install
> > krb5-1.10.6 and copy ipadb.so in appropriate directory, hence the
> > problem has been solved. Is it all right?
>
>
> No it is not, we require 1.11.3 for OTP support in the latest FreeIPA.
>
> Seriously, chaingin the KDC is the last thing you want to do to solve
> your problem.
>
> Have you looked into creating custom ticket policies for your users ?
>
> Why do you need to change the KDC to do that ?
>
> Simo.
> >
> > Thank you.
> >
> > Best regards.
> >
> >
> >
> > On Mon, Sep 9, 2013 at 7:47 AM, Luke Howard <lukeh at padl.com> wrote:
> >
> > On 09/09/2013, at 1:08 PM, Mahmoud <gh.mdgh at gmail.com> wrote:
> >
> > > I thought FreeIpa uses krb5-1.10.3, but I use klist -V get
> > following result:
> > > Kerberos 5 version 1.10.3
> >
> >
> > Aren't these the same thing?
> >
> > -- Luke
> >
> >
>
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130909/c2f5307b/attachment.htm>
More information about the Freeipa-devel
mailing list