[Freeipa-devel] ipadb.so

Mahmoud gh.mdgh at gmail.com
Tue Sep 10 05:19:48 UTC 2013


Hello,

Thank you for your response.
When a user gets a TGT, he can get service tickets without typing a
password. I would like to have several levels of users. As high-level users
have more access to resources, I want to grant them a ticket with less
validation time. In other words, I want to have several ticket lifetimes
due to user levels.

Best regards


On Tue, Sep 10, 2013 at 5:24 AM, Dmitri Pal <dpal at redhat.com> wrote:

>  On 09/09/2013 12:49 PM, Mahmoud wrote:
>
>   Hello Mr. Dmitri Pal
>
>  Thank you very much for your help.
>
>  I tried to change the source code to have more options. It was difficult
> for me to understand the FreeIPA source code. Hence, I decided to change the
> Kerberos source code. I want to add more features to Kerberos. For example,
> I would like to have two (or several) types of ticket expiration.
>
>
> What do you mean by several types of ticket expiration?
> Can you please give an example?
>
>
>
> Thanks
>  Best regards
>
>
> On Mon, Sep 9, 2013 at 8:13 PM, Dmitri Pal <dpal at redhat.com> wrote:
>
>>  On 09/09/2013 10:55 AM, Mahmoud wrote:
>>
>>  Hello,
>>
>>  Thank you very much for your time and attention.
>>
>>  I changed the client-side code (kinit.c), but it requires changing all
>> clients. Now, I have decided to change the server-side code.
>>
>>
>>  It seems that you should try to contribute code upstream if you want to
>> end up with any kind of support of your enhancements, otherwise you would
>> have to maintain your own version.
>>
>>
>>    I thought it may be a better choice. Should I change the policy.c file
>> to change ticket policies?
>>
>>
>>  What policies do you want to change and why? You might have described
>> your intent on some other thread in some other list but not here.
>>
>>
>>    It does not require recompiling krb5kdc?
>>
>>
>>  I suspect it does...
>>
>>
>>    I installed FreeIPA on Fedora 18. When I execute the klist -V command,
>> I get the following result:
>> Kerberos 5 version 1.10.3
>>
>>     Fedora 19 has 1.11
>>
>> IMO the best would be to have a detailed explanation of what you are
>> trying to accomplish.
>> This way we would be able to help you with the right approach.
>> But it seems that building custom code might not be the best option.
>>
>> Thanks
>> Dmitri
>>
>>
>>     Best regards.
>>
>> On Mon, Sep 9, 2013 at 6:00 PM, Simo Sorce <simo at redhat.com> wrote:
>>
>>> On Mon, 2013-09-09 at 08:07 +0430, Mahmoud wrote:
>>> > Hello Simo
>>> >
>>> >
>>> > The previous problem occurred due to installing krb5-1.11.3. I installed
>>> > krb5-1.10.6 and copied ipadb.so into the appropriate directory, hence the
>>> > problem has been solved. Is it all right?
>>>
>>>
>>>  No it is not, we require 1.11.3 for OTP support in the latest FreeIPA.
>>>
>>> Seriously, changing the KDC is the last thing you want to do to solve
>>> your problem.
>>>
>>> Have you looked into creating custom ticket policies for your users ?
>>>
>>> Why do you need to change the KDC to do that ?
>>>
>>> Simo.
>>>  >
>>> > Thank you.
>>> >
>>> > Best regards.
>>> >
>>> >
>>> >
>>> > On Mon, Sep 9, 2013 at 7:47 AM, Luke Howard <lukeh at padl.com> wrote:
>>> >
>>> >         On 09/09/2013, at 1:08 PM, Mahmoud <gh.mdgh at gmail.com> wrote:
>>> >
>>> >         > I thought FreeIPA uses krb5-1.10.3, but I use klist -V and
>>> >         > get the following result:
>>> >         > Kerberos 5 version 1.10.3
>>> >
>>> >
>>> >         Aren't these the same thing?
>>> >
>>> >         -- Luke
>>> >
>>> >
>>>
>>>
>>>  --
>>> Simo Sorce * Red Hat, Inc * New York
>>>
>>>
>>
>>
>>
>>
>>
>> --
>> Thank you,
>> Dmitri Pal
>>
>> Sr. Engineering Manager for IdM portfolio
>> Red Hat Inc.
>>
>>
>>
>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager for IdM portfolio
> Red Hat Inc.
>
>
>
>