[Freeipa-users] Do I need/want multiple kerberos realms?
Guy Matz
gmatz at collective.com
Tue Feb 19 19:13:04 UTC 2013
Hi! FreeIPA newbie here, with experience in DNS & LDAP . . .
I am inheriting a FreeIPA installation which needs to expand to multiple
datacenters, and was hoping for a little advice. The current freeipa
setup uses a subdomain, ny.company.com - with a kerberos realm
NY7.COMPANY.COM - and I'm wondering if I want to continue this by
creating additional subdomains & realms for the other datacenters, or if
I'm better off flattening the namespace to company.com for all datacenters.
The reasons to use subdomains are generally:
1. to avoid naming collisions
2. to delegate administration to some other unit.
Did I miss anything? I don't plan on doing either of those, so I'm
looking to flatten the namespace. Anyone have any thoughts? Especially
on the kerberos portion of this question? Thanks a lot!!
Guy
More information about the Freeipa-users
mailing list