[Freeipa-devel] IPA to IPA trusts
Alexander Bokovoy
abokovoy at redhat.com
Thu Jun 20 04:45:14 UTC 2013
On Thu, 20 Jun 2013, Dmitri Pal wrote:
>Hello,
>
>I have a stupid idea.
>We now have ability to make IPA trust AD and AD trust IPA. IPA pretends
>that it is AD.
>I wonder how hard it would be to setup the case when there are two IPA
>servers that both pretending that they are AD talking to each other.
This is the plan -- we want to reuse all the work for AD trusts to build
up IPA to IPA trusts: SIDs, SSSD providers. However, we are not there
yet (see below).
>This might be a temp solution for IPA to IPA trusts until we do PADs.
>It might be a temp solution for use cases like this
>https://fedorahosted.org/freeipa/ticket/3742
We need to implement GC service server side.
Additionally, we haven't yet implemented fully part of the trust
procedure in smbd according to the spec, we rely on AD performing that
part for us. Without real AD right now we'd have to know much more about
the other side.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list