On 22/07/2024 11:44, Jonathan Oxidnation via FreeIPA-users wrote:
> Hello everybody,
> I have a question about the objects created when we establish a trust between
> FreeIPA servers and a Microsoft Active Directory.
> Is there something that could refresh the objects to renew the sensitive data?
> In my situation I used an AD account (with admin privileges) to create the
> trust. But after several months, the objects do not refresh themselves.
> (The WhenChanged attribute on the AD side has an old date.)
> This question comes from our security team asking to renew the object to
> guarantee the security of the trust.
> Regards,

Would re-running 'ipa trust-add' do what you want?
You should check the documentation, but I'm pretty sure it's safe to
re-run it, and it will re-use the existing id ranges. We did this when
upgrading from a one-way to a two-way trust.
--
Sam Morris <https://robots.org.uk/>
PGP: rsa4096/CAAA AA1A CA69 A83A 892B 1855 D20B 4202 5CDA 27B9