Package Base Details: freeipa

Git Clone URL: (read-only)
Keywords: freeipa identity management policy trusts
Submitter: chenxiaolong
Maintainer: None
Last Packager: lonaowna
Votes: 12
Popularity: 0.103867
First Submitted: 2012-11-15 23:50
Last Updated: 2018-05-01 12:27

Latest Comments

« First ‹ Previous 1 2 3 4

chenxiaolong commented on 2013-05-13 05:15

New release:

**IMPORTANT**: Run "sudo sss-auth-setup --disable-nss --disable-pam" before updating!

This new release contains a rewritten sss-auth-setup. It is now safe to run it with "--enable-pam" or "--disable-pam" multiple times.

Whenever a new package that uses PAM is installed or updated (anything that requires a login), just run "sudo sss-auth-setup --enable-pam". No need to disable first :)

chenxiaolong commented on 2013-05-12 21:15

More important information:

It's a *good* idea to run "sss-auth-setup --disable-pam" before "pacman -Syu" just in case something in case something in /etc/pam.d/ is added or updated. After the updates, run "sss-auth-setup --enable-pam" again.

I hope to have this fixed for the next release.

chenxiaolong commented on 2013-05-12 21:09

Updated to version 3.2.0. There are a huge amount changes for this release:

Installation is still the same as before:

1. Install freeipa
2. sudo sss-auth-setup --enable-nss --enable-pam
3. sudo ipa-client-install ...

Note: freeipa on Arch Linux is still untested :P

chenxiaolong commented on 2013-05-12 15:50

Hi Gwmngilfen:

My finals for school just finished two days ago, so I should have a lot more time to work on FreeIPA now. I'm guessing the dependencies are really outdated since I last updated the package. I'll fix all of those first :P

Gwmngilfen commented on 2013-05-12 12:53

Hi chenxiaolong,

Just a headsup - FreeIPA 3.2 is out; and presently your 3.1 package doesn't build. Some of the dependencies are now "python2-pylint" and "samba" but even then the patches don't seem to apply to the source properly. Log here:

I might see if I can fix it if I get time, but I'm not familiar with the IPA codebase (only just installed freeipa server on a spare fedora box :P)

psi.neamf commented on 2013-01-09 14:29

Hi chenxiaolong,

I've found for GSSAPI for SSH you need to change these to 'yes' :

GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes

in either /etc/ssh/ssh_config or ~/.ssh/config

chenxiaolong commented on 2012-12-28 17:05

@demaio (who flagged this package out of date): It may take me a little while (probably after New Year) to update this package. I have yet to upgrade my server to 3.1.0 and I still need to work out a few issues, such as making pam_mkhomedir or oddjob-mkhomedir work :)

chenxiaolong commented on 2012-12-01 21:04

@senorsmile: FreeIPA (the client) is partially working now. I would say it's usable :) Right now, I'm working on the PAM configuration files. There are some issues with the way it works. For example, if you press Control+C when you type the password to sudo, it will say that you typed the password incorrectly 3 times.

Other than that, the only issue I know of is that GSSAPI (single sign on) does not work with ssh. I think that it's a problem with Arch's packages.

I haven't written anything about using FreeIPA with Arch, so here's a basic rundown:

Basically, you'll need to install this freeipa package and run "sudo sss-auth-setup --enable-nss --enable-pam". That will modify /etc/nsswitch.conf and /etc/pam.d/* for freeipa. If pacman ever does anything in /etc/pam.d/, such as updating something or installing a new login manager, you'll need to run:

sudo sss-auth-setup --disable-pam
sudo sss-auth-setup --enable-pam

That's all for the Arch-specific FreeIPA changes. Afterwards, just run the usual "ipa-client-install" commands.

I hope that answered your questions :)

senorsmile commented on 2012-12-01 19:07

How is the freeipa package running on Arch? Is it very stable? At least usable?