I’m managing the network for my hackerspace, and we’re moving to FreeIPA (from
plain LDAP) to manage internal and external services.
We have some services that are hosted on public, external machines (wiki, etc.)
that members would authenticate to via Ipsilon OAuth2 that are under the main
domain (e.g. wiki.example.org), and some internally hosted services that are
under a subdomain (e.g. netbox.hq.example.org).
My plan is to have an IPA replica on the "outside" with Ipsilon for external
auth, and a couple of local replicas (one of which is the CA master). The
outside replica would be connected via VPN to the internal network, to avoid
opening lots of ports to the outside world.
I’m having some difficulties choosing the proper Kerberos domain, and in
general putting together the "external" world (example.org domain) and the
"internal" one (hq.example.com domain) because the DNS server on the main
domain is under CloudFlare.
Would getting a new domain just for FreeIPA be advisable?
Aljaž Srebrnič a.k.a g5pw
My public key: https://g5pw.me/key
Key fingerprint = 2109 8131 60CA 01AF 75EC 01BF E140 E1EE A54E E677