Thank you for the clarification regarding PAD. I read through the IEFT-draft, and it's a petty that it never was implemented. But I have always though that SIDs does make more sense, from a design point of view.
I read through the section from sssd.conf-manpage, and that was enlightening regarding how PACs are handled. I am aware that the users have to be exactly the same, for our planned setup, that is no problem, since the LAB-realm that is trusting our main-realm, and is primarily a test-bench and a technical playground. Its no more complicated than running a barebone MIT-realm, on top of a FLAT passwd-/group-file or a simple LDAP-backend. I hope we will see a trust-relationship between IPA-realms implemented in a not too distant future. If we had more resources, we would have have loved to sponsor or contribute to the development. _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
