On (17/08/15 14:37), Alexander Bokovoy wrote: >On Mon, 17 Aug 2015, Ramy Allam wrote: >>Hello, >> >>I'm running ipa-server-4.1.0-18.el7.centos.4.x86_64 on a CentoOS 7 machine. >>And need to setup ipa-4.1.0 on a CentOS 6 machine. >> >>CentOS 6 repo has ipa-client-3 available. Where can i find v4 for CentOS 6 >>please ? >Nowhere. Read this thread: >https://www.redhat.com/archives/freeipa-users/2014-February/msg00255.html > >>The reason i need to setup ipa-clientv4 on CentOS6 is clientv3 doesn't >>support OTP authentication. >Regardless of IPA version, the lack of OTP authentication will not be >fixed with a backport of IPA4. OTP authentication needs newer Kerberos >library with changed ABI so it will not appear on RHEL6/CentOS6. > >Ideally you need newer SSSD which understands newer Kerberos API for >pre-auth conversations and may be even more. This is definitely going >outside of any sensible support scope, upstream or downstream. > rhel6.7 already contains sufficient version of sssd sssd-1.12.4-4x.el6
It just does not contain separate prompting for password and token. https://fedorahosted.org/sssd/ticket/2335 I'm also not aware of dependency on special feature from libkrb5 on sssd side. At least, we do not detect it at compile time. SSSD is not a blocker for rhel6 client with ipa-server-4.1. LS -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
