[CentOS] latest freeIPA on CentOS
Jitse Klomp
jitseklomp at gmail.com
Mon Jul 14 19:02:38 UTC 2014
2014-07-14 17:57 GMT+02:00 Rainer Duffner <rainer at ultra-secure.de>:
> CentOS7 has 3.3
>
> I don't know if RedHat will backport it to 6.x like they did previously.
>
> I think we will start with what is in CentOS 7.0 and see how far we get.
> We will even buy RHEL-lics for it.
>
> I certainly don't want to run Fedora in production - and I don't want
> to do the backport for such a complicated piece of software myself.
>
RH will *not* do a backport of 3.3 to RHEL 6.x.
Alexander Bokovoy (from Red Hat) on the freeipa-users list (feb. 17):
"RHEL 6.x lacks many of the dependencies required for IPA 3.3. Newer
MIT Kerberos (with API and ABI change for KDC database driver and many
other changes required for trusts and two-factor authentication), newer
Dogtag which relies on several dozens of Java packages and newer tomcat,
systemd (we use socket activation and tmpfiles.d a lot), newer SSSD.
Kerberos ccache stored in the kernel space (KEYRING ccache type)
requires changes at kernel level which are also needed for kerberized
NFSv4 for trusts as AD users have large Kerebros tickets when they are
members of many groups and so on."
- Jitse
More information about the CentOS
mailing list