On 09/10/2013 02:54 AM, Mahmoud wrote:
> Hello,
>
> I installed Fedora 19.
> Each time I change /usr/sbin/krb5kdc, it will not start again. I get
> following error:
> krb5kdc: Server error - while fetching master key K/M for realm
> EXAMPLE.COM <http://EXAMPLE.COM>
>
> Via reinstalling IPA, the problem will be fixed but I would like to
> fix it without reinstalling IPA. When I reinstalled IPA, all previous
> stored data has been deleted.  Is there any way to reconfigure
> Kerberos without deleting database data?
> Could you help me, please?

I am not sure what you are trying to do. It seems that you are trying to
have Kerberos with DB and IPA at the same time on the same machine. I am
not sure that would work.

>
>
> On Tue, Sep 10, 2013 at 9:49 AM, Mahmoud <gh.m...@gmail.com
> <mailto:gh.m...@gmail.com>> wrote:
>
>     Hello,
>
>     Thank you for your response.
>     When a user get tgt ticket, he can get service tickets without
>     typing password. I like to have several level of users. As high
>     level users have more access to resources, I want to grant a
>     ticket with less validation time. In other word, I want to have
>     several ticket life time due to user levels.
>
>     Best regards
>
>
>     On Tue, Sep 10, 2013 at 5:24 AM, Dmitri Pal <d...@redhat.com
>     <mailto:d...@redhat.com>> wrote:
>
>         On 09/09/2013 12:49 PM, Mahmoud wrote:
>>         Hello Mr. Dmitri Pal
>>
>>         Thank you very much for your help.
>>
>>         I tried to change source code to have more option. It was
>>         difficult for me to understand FreeIPA source code. Hence, I
>>         decided to change Kerberos source code. I want to add more
>>         features to Kerberos. For example, I like to have two (or
>>         several) types of ticket expiration.
>
>         What do you mean by several types of ticket expiration?
>         Can you please give an example?
>
>
>>
>>         Thanks
>>         Best regards
>>
>>
>>         On Mon, Sep 9, 2013 at 8:13 PM, Dmitri Pal <d...@redhat.com
>>         <mailto:d...@redhat.com>> wrote:
>>
>>             On 09/09/2013 10:55 AM, Mahmoud wrote:
>>>             Hello,
>>>
>>>             Thank you very much for your time and attention.
>>>
>>>             I changed client side code (kinit.c) but it requires to
>>>             change all clients. Now, I decided to change server side
>>>             code.
>>
>>             It seems that you should try to contribute code upstream
>>             if you want to end up with any kind of support of your
>>             enhancements, otherwise you would have to maintain your
>>             own version.
>>
>>
>>>             I thought it may be better choice. Should I change
>>>             policy.c file to change ticket policies?
>>
>>             What policies do you want to change and why? You might
>>             have described your intent on some other thread in some
>>             other list but not here.
>>
>>
>>>             It does not require recompiling krb5kdc?
>>
>>             I suspect it does...
>>
>>
>>>             I install FreeIPA on Fedora 18, When I execute klist -V
>>>             command, hence get following result:
>>>             Kerberos 5 version 1.10.3
>>>
>>             Fedora 19 has 1.11
>>
>>             IMO the best would be to have a details explanation of
>>             what you are trying to accomplish.
>>             This way we would be able to help you with the right
>>             approach.
>>             But it seems that building custom code might not be best
>>             option.
>>
>>             Thanks
>>             Dmitri
>>
>>
>>>             Best regards.
>>>
>>>             On Mon, Sep 9, 2013 at 6:00 PM, Simo Sorce
>>>             <s...@redhat.com <mailto:s...@redhat.com>> wrote:
>>>
>>>                 On Mon, 2013-09-09 at 08:07 +0430, Mahmoud wrote:
>>>                 > Hello Simo
>>>                 >
>>>                 >
>>>                 > The previous problem occurred due to installing
>>>                 krb5-1.11.3. I install
>>>                 > krb5-1.10.6 and copy ipadb.so in appropriate
>>>                 directory, hence the
>>>                 > problem has been solved. Is it all right?
>>>
>>>
>>>                 No it is not, we require 1.11.3 for OTP support in
>>>                 the latest FreeIPA.
>>>
>>>                 Seriously, chaingin the KDC is the last thing you
>>>                 want to do to solve
>>>                 your problem.
>>>
>>>                 Have you looked into creating custom ticket policies
>>>                 for your users ?
>>>
>>>                 Why do you need to change the KDC to do that ?
>>>
>>>                 Simo.
>>>                 >
>>>                 > Thank you.
>>>                 >
>>>                 > Best regards.
>>>                 >
>>>                 >
>>>                 >
>>>                 > On Mon, Sep 9, 2013 at 7:47 AM, Luke Howard
>>>                 <lu...@padl.com <mailto:lu...@padl.com>> wrote:
>>>                 >
>>>                 >         On 09/09/2013, at 1:08 PM, Mahmoud
>>>                 <gh.m...@gmail.com <mailto:gh.m...@gmail.com>> wrote:
>>>                 >
>>>                 >         > I thought FreeIpa uses krb5-1.10.3, but
>>>                 I use klist -V get
>>>                 >         following result:
>>>                 >         > Kerberos 5 version 1.10.3
>>>                 >
>>>                 >
>>>                 >         Aren't these the same thing?
>>>                 >
>>>                 >         -- Luke
>>>                 >
>>>                 >
>>>
>>>
>>>                 --
>>>                 Simo Sorce * Red Hat, Inc * New York
>>>
>>>
>>>
>>>
>>>             _______________________________________________
>>>             Freeipa-devel mailing list
>>>             Freeipa-devel@redhat.com <mailto:Freeipa-devel@redhat.com>
>>>             https://www.redhat.com/mailman/listinfo/freeipa-devel
>>
>>
>>             -- 
>>             Thank you,
>>             Dmitri Pal
>>
>>             Sr. Engineering Manager for IdM portfolio
>>             Red Hat Inc.
>>
>>
>>             -------------------------------
>>             Looking to carve out IT costs?
>>             www.redhat.com/carveoutcosts/ 
>> <http://www.redhat.com/carveoutcosts/>
>>
>>
>>
>>             _______________________________________________
>>             Freeipa-devel mailing list
>>             Freeipa-devel@redhat.com <mailto:Freeipa-devel@redhat.com>
>>             https://www.redhat.com/mailman/listinfo/freeipa-devel
>>
>>
>
>
>         -- 
>         Thank you,
>         Dmitri Pal
>
>         Sr. Engineering Manager for IdM portfolio
>         Red Hat Inc.
>
>
>         -------------------------------
>         Looking to carve out IT costs?
>         www.redhat.com/carveoutcosts/ <http://www.redhat.com/carveoutcosts/>
>
>
>
>


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to