So how would one handle "out of domain principals" ?

you have an internal domain: internal.ipa
and an external domain:

You have a host that is external so it's hostname is
You want to kerberize the webserver that runs on that host and access it by
it's "real" fqdn

Do you create different principals for the different services then?
like host/host.internal....@internal.ipa
and for the webserver http/

And make sure there are SRV/TXT records for the INTERAL.IPA in the 

Freeipa-users mailing list

Reply via email to