On Tue, 2012-06-19 at 13:26 +0100, James Hogarth wrote:
> > I wonder if the (very) new IPA AD trust feature could solve at least
> > some of your problems. Have a look at
> > http://freeipa.org/page/IPAv3_testing_AD_trust for some info on how this
> > can be tested.
> >
> 
> The initial documentation looks like it's describing a full two way
> trust - in principal would a one way trust be feasible?
> 
> Allow the AD users (or a selection thereof) access to the systems part
> of the IPA domain but not vice versa?

Well, at the moment we only set up a two way trust
but the windows admins would certainly be able to delete the outgoing
trust right after it is created, it should cause trouble for win users
that want to access ipa hosts.

We may take an RFE about creating only a one way trust, but it won't be
there by 3.0 I think.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to