[Freeipa-users] Installing FreeIPA 3.1 -> 3.3 On RHEL

Rob Crittenden rcritten at redhat.com
Tue Feb 18 19:52:32 UTC 2014 

John Stein wrote:
> Thank you for the fast response.
>
> Some point i would like to understand better:
>
> 1) I understand there is a Big dependencies issue, that's why i want to
> know if there is a repository that can satisfy those dependencies.

No, the changes are too vast to make this worthwhile.

> 2) Are there core issues (like Kernel version) that can't be resolved
> for RHEL 6.x.?

Anything can be resolved but at some point the number of changes 
outweighs any benefits you get. Who is going to support all these newer 
versions on RHEL 6 after all?

> 3) What is the newest version that i can run on RHEL 6.x without losing
> my mind?

3.0.

> 4) Will it be easier to Install IPA 3.3 on RHEL 7 (beta)?

Yes, by far, and easier still since RHEL 7 comes with 3.3.x.

rob

>
> Thanks again,
> John
>
> On Feb 17, 2014 10:12 PM, "Alexander Bokovoy" <abokovoy at redhat.com
> <mailto:abokovoy at redhat.com>> wrote:
>
>     On Mon, 17 Feb 2014, John Stein wrote:
>
>         Hi all.
>         The newest IPA version that exists in the RHN repository is
>         3.0.0-37. I
>         would like to install IPA version greater then 3.0 on RHEL 6.x.
>         How would you recommend installing newer versions? Using Fedora
>         repository,
>         EPEL or just download the tarball and build it?
>
>     RHEL 6.x lacks many of the dependencies required for IPA 3.3. Newer
>     MIT Kerberos (with API and ABI change for KDC database driver and many
>     other changes required for trusts and two-factor authentication), newer
>     Dogtag which relies on several dozens of Java packages and newer tomcat,
>     systemd (we use socket activation and tmpfiles.d a lot), newer SSSD.
>     Kerberos ccache stored in the kernel space (KEYRING ccache type)
>     requires changes at kernel level which are also needed for kerberized
>     NFSv4 for trusts as AD users have large Kerebros tickets when they are
>     members of many groups and so on.
>
>     There are many dependencies and not all of them could be satisfied
>     through a simple recompile.
>
>     --
>     / Alexander Bokovoy
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>

More information about the Freeipa-users mailing list