> Well, at the moment we only set up a two way trust
> but the windows admins would certainly be able to delete the outgoing
> trust right after it is created, it should cause trouble for win users
> that want to access ipa hosts.
> We may take an RFE about creating only a one way trust, but it won't be
> there by 3.0 I think.
Gotcha - I know here I'll probably end up with a requirement for
windows users to access one or more of my linux systems (and web
interfaces) with their windows AD credentials but there is no way the
Windows team (or IT Security) would want my users in IPA to be able to
log into the windows clients etc in the enterprise.
Freeipa-users mailing list