[Freeipa-users] Two way trust vs one way trust and IPA features
Alexander Bokovoy
abokovoy at redhat.com
Tue Apr 7 18:25:11 UTC 2015
On Tue, 07 Apr 2015, Andrey Ptashnik wrote:
>Hello,
>
>I’m wondering if establishing two way trust or one way trust in
>upcoming 4.2 release somehow is going to affect FreeIPA feature set,
>like ability to add windows groups to external groups or anything else
>I may not think of right now?
No, it should not affect existing feature set. There will be some
tightening of access controls for how administrative tasks would be done
to some degree but they already required admin privileges anyway so it
is not a change in functionality.
>Our Windows security team is expressing concerns about two way trust
>and we are planning to switch to one way when it becomes available. I’m
>trying to find out what could be affected.
Nothing really changes between current use of two-way trust and a future
one-way trust in a sense of what is already available to IPA side to
look up on AD side.
--
/ Alexander Bokovoy
More information about the Freeipa-users
mailing list