Hello list,
I’m managing the network for my hackerspace, and we’re moving to FreeIPA (from 
plain LDAP) to manage internal and external services.

We have some services that are hosted on public, external machines (wiki, etc.) 
that members would authenticate to via Ipsilon OAuth2 that are under the main 
domain (e.g. wiki.example.org), and some internally hosted services that are 
under a subdomain (e.g. netbox.hq.example.org).

My plan is to have an IPA replica on the ”outside” with Ipsilon for external 
auth, and a couple of local replicas (one of which is the CA master). The 
outside replica would be connected via VPN to the internal network, to avoid 
opening lots of ports to the outside world.

I’m having some difficulties choosing the proper Kerberos domain, and in 
general putting together the ”external” world (example.org domain) and the 
”internal” one (hq.example.com domain) because the DNS server on the main 
domain is under CloudFlare.

Would getting a new domain just for FreeIPA be advisable?

Thanks,
Aljaž

--
Aljaž Srebrnič a.k.a g5pw
My public key:  https://g5pw.me/key
Key fingerprint = 2109 8131 60CA 01AF 75EC  01BF E140 E1EE A54E E677
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
