[CentOS] latest freeIPA on CentOS
Johnny Tan
johnnydtan at gmail.comMon Jul 14 20:00:20 UTC 2014
- Previous message: [CentOS] latest freeIPA on CentOS
- Next message: [CentOS] latest freeIPA on CentOS
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Jul 14, 2014 at 3:02 PM, Jitse Klomp <jitseklomp at gmail.com> wrote: > RH will *not* do a backport of 3.3 to RHEL 6.x. > > Alexander Bokovoy (from Red Hat) on the freeipa-users list (feb. 17): > "RHEL 6.x lacks many of the dependencies required for IPA 3.3. Newer > MIT Kerberos (with API and ABI change for KDC database driver and many > other changes required for trusts and two-factor authentication), newer > Dogtag which relies on several dozens of Java packages and newer tomcat, > systemd (we use socket activation and tmpfiles.d a lot), newer SSSD. > Kerberos ccache stored in the kernel space (KEYRING ccache type) > requires changes at kernel level which are also needed for kerberized > NFSv4 for trusts as AD users have large Kerebros tickets when they are > members of many groups and so on." > Thanks for the info. We'll stick with 6.5 / 3.0 for now and hope the upgrade path is not strenuous. From first glances, it seems the manual part is going from 3.1 to something above, with the DogTag change. Hopefully that's the only laborious part.
- Previous message: [CentOS] latest freeIPA on CentOS
- Next message: [CentOS] latest freeIPA on CentOS
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list