[Freeipa-users] Migration from FreeIPA 1.2.1 to 2

Steven Jones Steven.Jones at vuw.ac.nz
Thu May 26 20:19:51 UTC 2011


Hi,

The school has had its own Kerberos-LDAP for a decade but it's a one-off; they are computer science so have "rocket scientists" to run it....it's not what we want to use as we need to consider "normal" users and Windows admins who need to be able to use a solution...

It's good to know the Kerberos linking up would work....another plus for IPA....because it's probable that this will be a requirement further along, but if I have to look for something with all the bells and whistles it's 100s of K and a long time to put it in, and huge opex costs....and TCO-wise I don't see it as worthwhile (think Oracle Identity).....hence something low cost that does 90% of what we need, i.e. the real core functionality, is the only sane / cost-effective way IMHO.


regards
 
________________________________________
From: Simo Sorce [simo at redhat.com]
Sent: Friday, 27 May 2011 1:10 a.m.
To: Steven Jones
Cc: Christian Horn; Erinn Looney-Triggs; freeipa-users at redhat.com
Subject: Re: [Freeipa-users] Migration from FreeIPA 1.2.1 to 2

On Thu, 2011-05-26 at 05:51 +0000, Steven Jones wrote:
> Quickly as I'm late.
>
> We are setting up cross realm from AD to a school who runs MIT Kerberos with openldap underneath....A Windows client in our domain can then connect to a school resource where it's connected to the school's centralised setup....
>
> So it's possible, yes.
>
> Not with freeipa from what I've seen posted, yet...next version I am assuming so.

Freeipa does not give you UI or tools to do it, although creating a
Kerberos trust is a very simple matter using kadmin.local to create the
proper principals.

Everything else would work like in the Kerberos+openldap setup in the
school you mention.

So it is technically possible, we simply do not yet make it easy for you
by providing wrappers.

Simo.

--
Simo Sorce * Red Hat, Inc * New York




