[Freeipa-users] Installing FreeIPA 3.1 -> 3.3 On RHEL
Alexander Bokovoy
abokovoy at redhat.com
Tue Feb 18 19:59:30 UTC 2014
On Tue, 18 Feb 2014, John Stein wrote:
>Thank you for the fast response.
>
>Some point i would like to understand better:
>
>1) I understand there is a Big dependencies issue, that's why i want to
>know if there is a repository that can satisfy those dependencies.
There is no repository for that.
>
>2) Are there core issues (like Kernel version) that can't be resolved for
>RHEL 6.x.?
I've mentioned them below already. The code we need from the kernel is in 3.11-3.12.
You can read release pages to see additions in each of major releases after 3.0:
http://www.freeipa.org/page/Releases/3.1.0
http://www.freeipa.org/page/Releases/3.2.0
http://www.freeipa.org/page/Releases/3.3.0
Practically, 3.1 introduced dogtag10 dependency, 3.2 -- new 389-ds, MIT Kerberos,
and Samba versions, and hard require on systemd, 3.3 -- new slapi-nis version and SSSD.
>3) What is the newest version that i can run on RHEL 6.x without losing my
>mind?
The version you already have in RHEL 6.5, 3.0, is the last one that can
be used on RHEL 6.x for sure.
>4) Will it be easier to Install IPA 3.3 on RHEL 7 (beta)?
IPA 3.3 is part of RHEL 7.0 beta already.
>
>Thanks again,
>John
>On Feb 17, 2014 10:12 PM, "Alexander Bokovoy" <abokovoy at redhat.com> wrote:
>
>> On Mon, 17 Feb 2014, John Stein wrote:
>>
>>> Hi all.
>>> The newest IPA version that exists in the RHN repository is 3.0.0-37. I
>>> would like to install IPA version greater then 3.0 on RHEL 6.x.
>>> How would you recommend installing newer versions? Using Fedora
>>> repository,
>>> EPEL or just download the tarball and build it?
>>>
>> RHEL 6.x lacks many of the dependencies required for IPA 3.3. Newer
>> MIT Kerberos (with API and ABI change for KDC database driver and many
>> other changes required for trusts and two-factor authentication), newer
>> Dogtag which relies on several dozens of Java packages and newer tomcat,
>> systemd (we use socket activation and tmpfiles.d a lot), newer SSSD.
>> Kerberos ccache stored in the kernel space (KEYRING ccache type)
>> requires changes at kernel level which are also needed for kerberized
>> NFSv4 for trusts as AD users have large Kerebros tickets when they are
>> members of many groups and so on.
>>
>> There are many dependencies and not all of them could be satisfied
>> through a simple recompile.
>>
>> --
>> / Alexander Bokovoy
>>
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list