[Freeipa-users] Trust between IPA and another MIT Kerberos Realm

Rob Crittenden rcritten at redhat.com
Wed Nov 27 03:57:06 UTC 2013


Matt Bryant wrote:
> All,
>
> Is there any documentation anywhere that describes whether this can be
> done and how to do it? Would like to set up a one-way trust between a
> new IPA realm and a legacy Kerberos realm. The doco explicitly says don't
> use kadmin/kadmin.local so not sure how to get the
> krbtgt/OLD_REALM@IPA-REALM principal into IPA that would facilitate such
> a trust.

We haven't implemented (or tested) this yet. It is just MIT Kerberos 
under the hood, so in theory creating the right principals should do the 
trick.

If you have IPA 3.0+ then you can use kadmin to create the principals 
you need. IIRC the RHEL Kerberos documentation is fairly good in this 
regard.

rob



