Hello, Thank you for your response. When a user get tgt ticket, he can get service tickets without typing password. I like to have several level of users. As high level users have more access to resources, I want to grant a ticket with less validation time. In other word, I want to have several ticket life time due to user levels.
Best regards On Tue, Sep 10, 2013 at 5:24 AM, Dmitri Pal <[email protected]> wrote: > On 09/09/2013 12:49 PM, Mahmoud wrote: > > Hello Mr. Dmitri Pal > > Thank you very much for your help. > > I tried to change source code to have more option. It was difficult for > me to understand FreeIPA source code. Hence, I decided to change Kerberos > source code. I want to add more features to Kerberos. For example, I like > to have two (or several) types of ticket expiration. > > > What do you mean by several types of ticket expiration? > Can you please give an example? > > > > Thanks > Best regards > > > On Mon, Sep 9, 2013 at 8:13 PM, Dmitri Pal <[email protected]> wrote: > >> On 09/09/2013 10:55 AM, Mahmoud wrote: >> >> Hello, >> >> Thank you very much for your time and attention. >> >> I changed client side code (kinit.c) but it requires to change all >> clients. Now, I decided to change server side code. >> >> >> It seems that you should try to contribute code upstream if you want to >> end up with any kind of support of your enhancements, otherwise you would >> have to maintain your own version. >> >> >> I thought it may be better choice. Should I change policy.c file to >> change ticket policies? >> >> >> What policies do you want to change and why? You might have described >> your intent on some other thread in some other list but not here. >> >> >> It does not require recompiling krb5kdc? >> >> >> I suspect it does... >> >> >> I install FreeIPA on Fedora 18, When I execute klist -V command, >> hence get following result: >> Kerberos 5 version 1.10.3 >> >> Fedora 19 has 1.11 >> >> IMO the best would be to have a details explanation of what you are >> trying to accomplish. >> This way we would be able to help you with the right approach. >> But it seems that building custom code might not be best option. >> >> Thanks >> Dmitri >> >> >> Best regards. >> >> On Mon, Sep 9, 2013 at 6:00 PM, Simo Sorce <[email protected]> wrote: >> >>> On Mon, 2013-09-09 at 08:07 +0430, Mahmoud wrote: >>> > Hello Simo >>> > >>> > >>> > The previous problem occurred due to installing krb5-1.11.3. I install >>> > krb5-1.10.6 and copy ipadb.so in appropriate directory, hence the >>> > problem has been solved. Is it all right? >>> >>> >>> No it is not, we require 1.11.3 for OTP support in the latest FreeIPA. >>> >>> Seriously, chaingin the KDC is the last thing you want to do to solve >>> your problem. >>> >>> Have you looked into creating custom ticket policies for your users ? >>> >>> Why do you need to change the KDC to do that ? >>> >>> Simo. >>> > >>> > Thank you. >>> > >>> > Best regards. >>> > >>> > >>> > >>> > On Mon, Sep 9, 2013 at 7:47 AM, Luke Howard <[email protected]> wrote: >>> > >>> > On 09/09/2013, at 1:08 PM, Mahmoud <[email protected]> wrote: >>> > >>> > > I thought FreeIpa uses krb5-1.10.3, but I use klist -V get >>> > following result: >>> > > Kerberos 5 version 1.10.3 >>> > >>> > >>> > Aren't these the same thing? >>> > >>> > -- Luke >>> > >>> > >>> >>> >>> -- >>> Simo Sorce * Red Hat, Inc * New York >>> >>> >> >> >> _______________________________________________ >> Freeipa-devel mailing >> [email protected]https://www.redhat.com/mailman/listinfo/freeipa-devel >> >> >> >> -- >> Thank you, >> Dmitri Pal >> >> Sr. Engineering Manager for IdM portfolio >> Red Hat Inc. >> >> >> ------------------------------- >> Looking to carve out IT costs?www.redhat.com/carveoutcosts/ >> >> >> _______________________________________________ >> Freeipa-devel mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/freeipa-devel >> > > > > -- > Thank you, > Dmitri Pal > > Sr. Engineering Manager for IdM portfolio > Red Hat Inc. > > > ------------------------------- > Looking to carve out IT costs?www.redhat.com/carveoutcosts/ > >
_______________________________________________ Freeipa-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-devel
