[Freeipa-users] Intranet password replication to DMZ
Rob Crittenden
rcritten at redhat.com
Tue Aug 27 14:05:59 UTC 2013
Jessie Floyd wrote:
> I've been working on a project where I have multiple IPA domains which
> can't be connected due to scope and purpose of each domain. Ideally I
> would like to replicte a single user's password from a core domain
> server to a satellite ipa domain. I've learned that the password hash
> is not a traditional hash and cant be replicated without some additional
> work. My primary site is a multi-master and the satellite site has its
> own multi-master configuration. As an example I have an intranet server
> which hosts multiple users and a DMZ domain where a limited set of
> admins work. How can I replicate an intranet user from the inside to
> the DMZ? Any pointers or ideas would be helpful.
I'm not entirely clear what it is you want/need to do.
Do you want to set up some sort of fractional replication that
replicates only passwords, and the raw hashes at that? That would do you
no good when it comes to Kerberos.
rob
More information about the Freeipa-users
mailing list