On 01/07/2020 17:55, Alexander Bokovoy wrote: > On ke, 01 heinä 2020, lejeczek via CentOS-devel wrote: >> hi guys >> >> latest in the repo krb5 packages - 1.18.2-2.el8 - brake >> freeIPA if already installed and conflict if want to >> install. >> >> # dnf install -y ipa-server-dns >> Last metadata expiration check: 1:21:31 ago on Wed 01 Jul >> 2020 11:00:25 BST. >> Error: >>  Problem: package >> ipa-server-dns-4.8.4-7.module_el8.2.0+374+0d2d74a1.noarch >> requires ipa-server = 4.8.4-7.module_el8.2.0+374+0d2d74a1, >> but none of the providers can be installed >>  - conflicting requests >>  - nothing provides krb5-kdb-version = 7.0 needed by >> ipa-server-4.8.4-7.module_el8.2.0+374+0d2d74a1.x86_64 > > There should be no 1.18 in RHEL 8.2 at all, therefore > CentOS 8.2 should > not have krb5 1.18. > > If you are using CentOS Stream, please make it clear in > describing your > configuration. > > I can see krb5-1.18.2 in c8s branch here: > https://git.centos.org/rpms/krb5/c/10fa7093df15784c58e82f89ba3e2a5ee0245991?branch=c8s > > There is no corresponding update for idm module, though. > > There is no c8s-version of c8-stream-DL1 branch and > therefore there is > no idm:DL1 module rebuild. > > Until that part is fixed, CentOS Stream is unusable for > IdM deployments. > > Please note that none of RHEL developers responsible for > IdM have any > say or control how things get merged into CentOS. If there > are problems > like this one nobody but CentOS maintainers could help. In > case of > CentOS 8 stream, it seems the whole process is done by a > robot and I > have no idea how this robot handles modular builds (and > when). > > And that seems to be a great shame, quite frankly I felt this way for a long months, probably since C8 release. Maybe you guys @redhat could(should ?) take over "idm" module in Centos, or Centos' owners could ask for help and delegate "idm" over to you. FreeIPA is way!!! to import to afford such cock-ups and it's been quite a wobbly ride on C8 since the beginning. Centos is a poor man choice but still seriously taken & deployed to critical environments and if my opinion is not an isolated one, then everybody will agree freeIPA must be taken care of properly. many thanks, L.