[Freeipa-devel] ipadb.so

Dmitri Pal dpal at redhat.com
Mon Sep 9 15:43:35 UTC 2013


On 09/09/2013 10:55 AM, Mahmoud wrote:
> Hello,
>
> Thank you very much for your time and attention.
>
> I changed client side code (kinit.c) but it requires changing all
> clients. Now, I decided to change server side code.

It seems that you should try to contribute code upstream if you want to
end up with any kind of support of your enhancements, otherwise you
would have to maintain your own version.

> I thought it may be a better choice. Should I change the policy.c file to
> change ticket policies?

What policies do you want to change and why? You might have described
your intent on some other thread in some other list but not here.

> It does not require recompiling krb5kdc?

I suspect it does...

> I installed FreeIPA on Fedora 18. When I execute the klist -V command, I
> get the following result:
> Kerberos 5 version 1.10.3
>
Fedora 19 has 1.11

IMO the best would be to have a detailed explanation of what you are
trying to accomplish.
This way we would be able to help you with the right approach.
But it seems that building custom code might not be the best option.

Thanks
Dmitri


> Best regards.
>
> On Mon, Sep 9, 2013 at 6:00 PM, Simo Sorce <simo at redhat.com> wrote:
>
>     On Mon, 2013-09-09 at 08:07 +0430, Mahmoud wrote:
>     > Hello Simo
>     >
>     >
>     > The previous problem occurred due to installing krb5-1.11.3. I
>     > installed krb5-1.10.6 and copied ipadb.so into the appropriate
>     > directory, hence the problem has been solved. Is it all right?
>
>
>     No it is not, we require 1.11.3 for OTP support in the latest FreeIPA.
>
>     Seriously, changing the KDC is the last thing you want to do to solve
>     your problem.
>
>     Have you looked into creating custom ticket policies for your users ?
>
>     Why do you need to change the KDC to do that ?
>
>     Simo.
>     >
>     > Thank you.
>     >
>     > Best regards.
>     >
>     >
>     >
>     > On Mon, Sep 9, 2013 at 7:47 AM, Luke Howard <lukeh at padl.com> wrote:
>     >
>     >         On 09/09/2013, at 1:08 PM, Mahmoud <gh.mdgh at gmail.com> wrote:
>     >
>     >         > I thought FreeIPA uses krb5-1.10.3, but when I use klist -V I get
>     >         > the following result:
>     >         > Kerberos 5 version 1.10.3
>     >
>     >
>     >         Aren't these the same thing?
>     >
>     >         -- Luke
>     >
>     >
>
>
>     --
>     Simo Sorce * Red Hat, Inc * New York
>
>
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

