[Pkg-freeipa-devel] FreeIPA and Stretch
tjaalton at debian.org
Tue Mar 14 11:52:35 UTC 2017
On 14.03.2017 13:46, Modestas Vainius wrote:
> Hi, Timo,
> what are your plans regarding FreeIPA for Stretch? I guess it would be 4.3.2
> if it makes there? Unfortunately, some of its dependencies are not in testing
> yet which is quite worrying to be honest. Do you plan to release 4.4.x
> backports some time later if they do not make official release?
Dogtag is broken by updates to libresteasy-java and tomcat 8.5, and
it'll take upstream months to get them fixed, so freeipa won't be in
stretch. And softhsm 2.2 broke the Bind-integration..
I'm still doing updates to freeipa in experimental so that I can
sync/merge stuff for Ubuntu, which does not have those regressing
updates. Waiting for 4.4.4 to happen, and then some minor packaging
issues to get sorted.
> P.S. On the same note, I would like to give you some feedback on AD trust
> situation. Basically, it is not possible to get AD trust controller working
> until Samba is built with MIT kerberos on Debian (tested with freeipa 4.3.2
> packages). I tried hard to do that and came to this same conclusion as
> official documentation suggests . But I think "Trust agents"  mode might
> still work so freeipa-server-trust-ad package is not completely useless.
>  https://www.freeipa.org/page/IPAv3_AD_trust#Samba
>  https://www.freeipa.org/page/V4/Trust_agents
Right, that's up to the samba maintainers to fix, more or less.
More information about the Pkg-freeipa-devel