[Freeipa-users] ipa v4 on CentOS6
Lukas Slebodnik
lslebodn at redhat.com
Mon Aug 17 12:00:35 UTC 2015
On (17/08/15 14:37), Alexander Bokovoy wrote:
>On Mon, 17 Aug 2015, Ramy Allam wrote:
>>Hello,
>>
>>I'm running ipa-server-4.1.0-18.el7.centos.4.x86_64 on a CentoOS 7 machine.
>>And need to setup ipa-4.1.0 on a CentOS 6 machine.
>>
>>CentOS 6 repo has ipa-client-3 available. Where can i find v4 for CentOS 6
>>please ?
>Nowhere. Read this thread:
>https://www.redhat.com/archives/freeipa-users/2014-February/msg00255.html
>
>>The reason i need to setup ipa-clientv4 on CentOS6 is clientv3 doesn't
>>support OTP authentication.
>Regardless of IPA version, the lack of OTP authentication will not be
>fixed with a backport of IPA4. OTP authentication needs newer Kerberos
>library with changed ABI so it will not appear on RHEL6/CentOS6.
>
>Ideally you need newer SSSD which understands newer Kerberos API for
>pre-auth conversations and may be even more. This is definitely going
>outside of any sensible support scope, upstream or downstream.
>
rhel6.7 already contains sufficient version of sssd
sssd-1.12.4-4x.el6
It just does not contain separate prompting for password and token.
https://fedorahosted.org/sssd/ticket/2335
I'm also not aware of dependency on special feature from libkrb5 on sssd side.
At least, we do not detect it at compile time.
SSSD is not a blocker for rhel6 client with ipa-server-4.1.
LS
More information about the Freeipa-users
mailing list