[Freeipa-users] IPA KDC Proxy
Christian Heimes
cheimes at redhat.com
Fri Jan 22 11:04:03 UTC 2016
On 2016-01-22 11:25, Winfried de Heiden wrote:
> Now, is it possible to use the IPA-server as a proxy for the trusted
> Windows Domain? How...?
I haven't tried yet it but it should be possible. MS-KKDCP requests are
prefixed with the requested realm name. You have to configure the
mapping from real name to KDC on the *server*, too. The KDC Proxy
service uses /etc/krb5.conf to map realms to servers.
Please add a configuration for [realms] WINDOWS.EXAMPLE.COM on the IPA
server and restart Apache HTTPD. The configuration on IPA server must
use the Kerboers protocol over port 88 for KDC, 749 for kadmin and 464
for kpasswd. You can't use KDC Proxy here.
Christian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160122/46fc1a29/attachment.sig>
More information about the Freeipa-users
mailing list