[Freeipa-users] Two way A/D trust versus one way trust

Greg Scott GregScott at infrasupport.com
Tue Sep 16 15:39:38 UTC 2014


> Even when IPA implements GC support, nothing will change: by default any user that has no explicit
> permission in ACLs, gets what is given to all authenticated users, i.e. default read access. When GC
> is there all that will change is that there will be the ability to resolve IPA users on AD side, thus allowing
> AD users to assign specific permissions to IPA users.

Agreed.  That's close to word for word what I told them.  However, the perception that Windows AD trusts Linux IPA scares them, even though Windows admins still have total control over who can see what in their environment.  It's all perception because Linux is foreign and Windows is well known on that side of the fence.  Something to keep in mind when you build it.  Perception drives lots of decisions and they're not always rational.  Meantime, I can probably find some Microsoft documentation about what trusts really mean that might make them more comfortable. 

- Greg




