[Freeipa-users] ipa 2 client connecting to ipa 3 server
Martin Kosek
mkosek at redhat.com
Thu Aug 21 11:59:43 UTC 2014
On 08/20/2014 09:49 PM, Dmitri Pal wrote:
> On 08/20/2014 09:43 PM, Rob Crittenden wrote:
>> Walid wrote:
>>> Thanks Rob, we have native python2.4, and anaconda python 2.7, so i
>>> guess if anything needs python 2.6 or greater it would not be an issue.
>>> I am just wondering if there are people using the upstream project in
>>> such a legacy system ;-)
>> It's not just python, it's all the modules as well.
>>
>> In the end the issue isn't so much ipa-client as all the related
>> dependencies. The ipa-client package just helps configure things, sssd
>> does all the heavy lifting. If you wanted to backport anything I'd start
>> there, and it is likely extremely non-trivial.
>>
>> I know that people still use RHEL-5 and the current 2.2-based client.
>> It, and its related packages, generally works fine you just miss out on
>> some of the newer features, particularly in sssd (like sudo and autofs).
> You can try to build sssd on 5.3 but I suspect it will require so many
> dependencies that you system would look more like a 5.10.
> You can try but this will be an adventurous effort.
> For old systems like that we recommend using what they had then and not SSSD.
> Users will be able to authenticate and posix data will be the same as on the
> more modern systems which should be sufficient for the needs of those old
> systems anyways.
JFTR, note that you can also authenticate with users from potentially trusted
AD domains by using:
http://www.freeipa.org/page/V3/Serving_legacy_clients_for_trusts
Preso here: http://www.freeipa.org/images/0/0d/FreeIPA33-legacy-clients.pdf
Martin
More information about the Freeipa-users
mailing list