Hi chenxiaolong,
Just a headsup - FreeIPA 3.2 is out; and presently your 3.1 package doesn't build. Some of the dependencies are now "python2-pylint" and "samba" but even then the patches don't seem to apply to the source properly. Log here: https://gist.github.com/5563461
I might see if I can fix it if I get time, but I'm not familiar with the IPA codebase (only just installed freeipa server on a spare fedora box :P)
Search Criteria
Package Details: freeipa-client 4.12.2-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/freeipa.git (read-only, click to copy) |
---|---|
Package Base: | freeipa |
Description: | IPA authentication for use on clients |
Upstream URL: | http://www.freeipa.org/ |
Keywords: | freeipa identity management policy trusts |
Licenses: | GPL3 |
Submitter: | chenxiaolong |
Maintainer: | patlefort |
Last Packager: | patlefort |
Votes: | 24 |
Popularity: | 0.41 |
First Submitted: | 2012-11-15 23:50 (UTC) |
Last Updated: | 2024-09-02 18:01 (UTC) |
Dependencies (37)
- authselectAUR
- autofsAUR
- bind-tools (bind-gitAUR, bind)
- certmongerAUR
- chrony
- curl (curl-quiche-gitAUR, curl-http3-ngtcp2AUR, curl-gitAUR, curl-c-aresAUR)
- cyrus-sasl-gssapi
- freeipa-client-commonAUR
- freeipa-commonAUR
- krb5 (krb5-gitAUR)
- libxmlrpc
- nfs-utils
- nfsidmap
- nss (nss-hgAUR)
- ntp (ntpsec-gitAUR, ntpsecAUR)
- oddjob-selinuxAUR
- python-augeas
- python-gssapi
- python-ipaclientAUR
- sssd (sssd-gitAUR, sssd-nosmbAUR)
- yp-toolsAUR
- ding-libs (make)
- gettext (gettext-gitAUR) (make)
- krb5 (krb5-gitAUR) (make)
- libsasl (make)
- libxmlrpc (make)
- nspr (nspr-hgAUR) (make)
- nss (nss-hgAUR) (make)
- openldap (openldap-gnutlsAUR) (make)
- openssl (openssl-gitAUR, openssl-staticAUR) (make)
- popt (popt-gitAUR) (make)
- python (python37AUR, python311AUR, python310AUR) (make)
- python-jinja (make)
- python-pyasn1-modules (make)
- python-setuptools (make)
- python-systemd (make)
- sssd (sssd-gitAUR, sssd-nosmbAUR) (make)
Required by (0)
Sources (4)
Gwmngilfen commented on 2013-05-12 12:53 (UTC)
psi.neamf commented on 2013-01-09 14:29 (UTC)
Hi chenxiaolong,
I've found for GSSAPI for SSH you need to change these to 'yes' :
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
in either /etc/ssh/ssh_config or ~/.ssh/config
chenxiaolong commented on 2012-12-28 17:05 (UTC)
@demaio (who flagged this package out of date): It may take me a little while (probably after New Year) to update this package. I have yet to upgrade my server to 3.1.0 and I still need to work out a few issues, such as making pam_mkhomedir or oddjob-mkhomedir work :)
chenxiaolong commented on 2012-12-01 21:04 (UTC)
@senorsmile: FreeIPA (the client) is partially working now. I would say it's usable :) Right now, I'm working on the PAM configuration files. There are some issues with the way it works. For example, if you press Control+C when you type the password to sudo, it will say that you typed the password incorrectly 3 times.
Other than that, the only issue I know of is that GSSAPI (single sign on) does not work with ssh. I think that it's a problem with Arch's packages.
I haven't written anything about using FreeIPA with Arch, so here's a basic rundown:
Basically, you'll need to install this freeipa package and run "sudo sss-auth-setup --enable-nss --enable-pam". That will modify /etc/nsswitch.conf and /etc/pam.d/* for freeipa. If pacman ever does anything in /etc/pam.d/, such as updating something or installing a new login manager, you'll need to run:
sudo sss-auth-setup --disable-pam
sudo sss-auth-setup --enable-pam
That's all for the Arch-specific FreeIPA changes. Afterwards, just run the usual "ipa-client-install" commands.
I hope that answered your questions :)
senorsmile commented on 2012-12-01 19:07 (UTC)
How is the freeipa package running on Arch? Is it very stable? At least usable?
Pinned Comments
patlefort commented on 2024-07-23 11:37 (UTC)
Keys are in
keys/pgp
of this package.