[Pkg-freeipa-devel] FreeIPA and Stretch

Timo Aaltonen tjaalton at debian.org
Tue Mar 14 11:52:35 UTC 2017

On 14.03.2017 13:46, Modestas Vainius wrote:
> Hi, Timo,
> what are your plans regarding FreeIPA for Stretch? I guess it would be 4.3.2 
> if it makes there? Unfortunately, some of its dependencies are not in testing 
> yet which is quite worrying to be honest. Do you plan to release 4.4.x 
> backports some time later if they do not make official release?

Dogtag is broken by updates to libresteasy-java and tomcat 8.5, and
it'll take upstream months to get them fixed, so freeipa won't be in
stretch. And softhsm 2.2 broke the Bind-integration..

I'm still doing updates to freeipa in experimental so that I can
sync/merge stuff for Ubuntu, which does not have those regressing
updates. Waiting for 4.4.4 to happen, and then some minor packaging
issues to get sorted.

> P.S. On the same note, I would like to give you some feedback on AD trust 
> situation. Basically, it is not possible to get AD trust controller working 
> until Samba is built with MIT kerberos on Debian (tested with freeipa 4.3.2 
> packages). I tried hard to do that and came to this same conclusion as 
> official documentation suggests [1]. But I think "Trust agents" [2] mode might 
> still work so freeipa-server-trust-ad package is not completely useless.
> [1] https://www.freeipa.org/page/IPAv3_AD_trust#Samba
> [2] https://www.freeipa.org/page/V4/Trust_agents

Right, that's up to the samba maintainers to fix, more or less.


More information about the Pkg-freeipa-devel mailing list