On 08/16/2012 09:14 PM, Michael Mercier wrote:

I was wondering what the security implications would be setting up a
server to be a freeipa client at one site, and have it join a freeipa
system over the internet at another site.

ipaclient (siteA) <-- internet --> ipaserver (siteB)

Is there an IPA document that describes this situation?

I'm not aware of any such document but IPA was designed to be secure in multiple ways including traffic on open networks. All network traffic that is sensitive is tunneled in some fashion, usually either by the kerberos protocol or the SSL/TLS protocols. IPA also makes sure strong encryption is utilized for those tunnels. Strong authentication is also required at the endpoints of those tunnels.

It really wouldn't make much sense to design an authentication and security manager that itself wasn't secure :-)

John Dennis <jden...@redhat.com>

Looking to carve out IT costs?

Freeipa-users mailing list

Reply via email to