is this how ipa works?
End State 5. A cross-realm trust is established between UNIX-based Kerberos and
Active Directory–based Kerberos in UNIX and Windows infrastructures that remain
separate. Windows and UNIX clients each authenticate to their own Kerberos Key
Distribution Center (KDC) and (if the trust is two-way) can then access
resources hosted by computers on the other side.
My understanding is its simpler.....just a password sync? which I guess is
achieved by that password sync.
Freeipa-users mailing list