[Freeipa-users] Creating trust relationship that survive password rotation
William Muriithi
william.muriithi at gmail.com
Thu Apr 6 00:25:17 UTC 2017
Good evening,
I am looking through the IPA documentation and it looks like I will
need a password that don't expire on the active directory side.
These are the two documented ways.
ipa trust-add --type=ad ad.example.com --admin Administrator –password
ipa trust-add --type=ad ad.example.com --trust-secret
I had initially used the first method, but we recently started
rotating the admin password. I suspect this has broken the trust and
looking on a more durable solution.
On closely reading through the trust secret section on the
documentation, it looks like it also involve using a password. I
thought I had read somewhere that trust can be done without a
permanent password, but this don't seem like the case now.
Is there a way of creating trust, without putting an none expire
exception on the active directory trust account?
Regards,
William
More information about the Freeipa-users
mailing list