Hello list,
I’m managing the network for my hackerspace, and we’re moving to FreeIPA (from 
plain LDAP) to manage internal and external services.

We have some services that are hosted on public, external machines (wiki, etc.) 
that members would authenticate to via Ipsilon OAuth2 that are under the main 
domain (e.g. wiki.example.org), and some internally hosted services that are 
under a subdomain (e.g. netbox.hq.example.org).

My plan is to have a IPA replica on the ”outside” with Ipsilon for external 
auth, and a couple of local replicas (one of which is the ca master). The 
outside replica would be connected via VPN to the internal network, to avoid 
opening lots of ports to the outside world.

I’m having some difficulties choosing the proper Kerberos domain, and in 
general putting together the ”external” world (example.org domain) and the 
”internal” one (hq.example.com domain) because the DNS server on the main 
domain is under CloudFlare.

Would getting a new domain just for FreeIPA be advisable?


Aljaž Srebrnič a.k.a g5pw
My public key:  https://g5pw.me/key
Key fingerprint = 2109 8131 60CA 01AF 75EC  01BF E140 E1EE A54E E677
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to