On 09/09/2013 12:49 PM, Mahmoud wrote: > Hello Mr. Dmitri Pal > > Thank you very much for your help. > > I tried to change source code to have more option. It was difficult > for me to understand FreeIPA source code. Hence, I decided to change > Kerberos source code. I want to add more features to Kerberos. For > example, I like to have two (or several) types of ticket expiration.
What do you mean by several types of ticket expiration? Can you please give an example? > > Thanks > Best regards > > > On Mon, Sep 9, 2013 at 8:13 PM, Dmitri Pal <[email protected] > <mailto:[email protected]>> wrote: > > On 09/09/2013 10:55 AM, Mahmoud wrote: >> Hello, >> >> Thank you very much for your time and attention. >> >> I changed client side code (kinit.c) but it requires to change >> all clients. Now, I decided to change server side code. > > It seems that you should try to contribute code upstream if you > want to end up with any kind of support of your enhancements, > otherwise you would have to maintain your own version. > > >> I thought it may be better choice. Should I change policy.c file >> to change ticket policies? > > What policies do you want to change and why? You might have > described your intent on some other thread in some other list but > not here. > > >> It does not require recompiling krb5kdc? > > I suspect it does... > > >> I install FreeIPA on Fedora 18, When I execute klist -V command, >> hence get following result: >> Kerberos 5 version 1.10.3 >> > Fedora 19 has 1.11 > > IMO the best would be to have a details explanation of what you > are trying to accomplish. > This way we would be able to help you with the right approach. > But it seems that building custom code might not be best option. > > Thanks > Dmitri > > >> Best regards. >> >> On Mon, Sep 9, 2013 at 6:00 PM, Simo Sorce <[email protected] >> <mailto:[email protected]>> wrote: >> >> On Mon, 2013-09-09 at 08:07 +0430, Mahmoud wrote: >> > Hello Simo >> > >> > >> > The previous problem occurred due to installing >> krb5-1.11.3. I install >> > krb5-1.10.6 and copy ipadb.so in appropriate directory, >> hence the >> > problem has been solved. Is it all right? >> >> >> No it is not, we require 1.11.3 for OTP support in the latest >> FreeIPA. >> >> Seriously, chaingin the KDC is the last thing you want to do >> to solve >> your problem. >> >> Have you looked into creating custom ticket policies for your >> users ? >> >> Why do you need to change the KDC to do that ? >> >> Simo. >> > >> > Thank you. >> > >> > Best regards. >> > >> > >> > >> > On Mon, Sep 9, 2013 at 7:47 AM, Luke Howard <[email protected] >> <mailto:[email protected]>> wrote: >> > >> > On 09/09/2013, at 1:08 PM, Mahmoud >> <[email protected] <mailto:[email protected]>> wrote: >> > >> > > I thought FreeIpa uses krb5-1.10.3, but I use >> klist -V get >> > following result: >> > > Kerberos 5 version 1.10.3 >> > >> > >> > Aren't these the same thing? >> > >> > -- Luke >> > >> > >> >> >> -- >> Simo Sorce * Red Hat, Inc * New York >> >> >> >> >> _______________________________________________ >> Freeipa-devel mailing list >> [email protected] <mailto:[email protected]> >> https://www.redhat.com/mailman/listinfo/freeipa-devel > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager for IdM portfolio > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs? > www.redhat.com/carveoutcosts/ <http://www.redhat.com/carveoutcosts/> > > > > _______________________________________________ > Freeipa-devel mailing list > [email protected] <mailto:[email protected]> > https://www.redhat.com/mailman/listinfo/freeipa-devel > > -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
