[Freeipa-users] Using IPA on Two Completely Different Domains

david t. klein root at nachtmaus.us
Fri Oct 25 11:45:20 UTC 2013 

The most straightforward and maintainable (from the point of view of sensible and obvious data) is to have two FreeIPA domains, each with Krb5 realm the same as its DNS domain, and then setup cross-realm Krb trusts.


HTH

 -DTK

--
david t. klein

Cisco Certified Network Associate (CSCO11281885)
Linux Professional Institute Certification (LPI000165615)
Redhat Certified Engineer (805009745938860)

Quis custodiet ipsos custodes?




-----Original Message-----
From: freeipa-users-bounces at redhat.com [mailto:freeipa-users-bounces at redhat.com] On Behalf Of Trevor T Kates (Services - 6)
Sent: Thursday, October 17, 2013 9:36 AM
To: freeipa-users at redhat.com
Subject: [Freeipa-users] Using IPA on Two Completely Different Domains

Greetings,

I’m looking for some advice with respect to implementing an IPA solution on two different domains. Both domains have names that are completely distinct from each other and are out of my control to change. I have IdM 3.0 under CentOS 6.4 supporting one domain and I’d like to put together another IdM instance for the other domain. There is some overlap of users between the two domains. As such, I was wondering if the best solution would be to just treat the domains as completely distinct and manage the IdM instances separately or if there is a way to link them together such that for the users that overlap, modifications only need to be made once and in one place.

Thanks,

Trevor T. Kates

CONFIDENTIALITY NOTICE:  This electronic message contains information which may be legally confidential and/or privileged and does not in any case represent a firm ENERGY COMMODITY bid or offer relating thereto which binds the sender without an additional express written confirmation to that effect.  The information is intended solely for the individual or entity named above and access by anyone else is unauthorized.  If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful.  If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it.  Thank you.

_______________________________________________
Freeipa-users mailing list
Freeipa-users at redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 2013.0.3408 / Virus Database: 3222/6767 - Release Date: 10/20/13

More information about the Freeipa-users mailing list