[Freeipa-users] Certificate Authorities requirement for Cross realm trust?
Sumit Bose
sbose at redhat.com
Tue Dec 16 09:59:30 UTC 2014
On Tue, Dec 16, 2014 at 11:28:47AM +0200, Genadi Postrilko wrote:
> In the Windows Integration guide the need for CA is mentioned.
>
> "Both Active Directory and Identity Management must be configured with
> integrated certificate services."
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#trust-requirements
>
> I cannot install CA-less IPA if I want to create a Cross realm trust? If
> so, why?
> As far as I understand, the Trust is Kerberos based.
Thank you for the feedback. You are correct, CAs are not needed to
create trust. I guess the CA requirement (at least on the Windows side)
came from a time where we might have wanted to look up some data in AD which
required an authenticated connection and we only wanted to use
LDAPS/StartTLS for this.
There is ongoing work to improve the Windows Integration Guide, I added
a note so that your comment won't get lost.
bye,
Sumit