So how would one handle "out of domain principals" ?
you have an internal domain: internal.ipa
and an external domain: company.com
You have a host that is external so it's hostname is host.company.com
You want to kerberize the webserver that runs on that host and access it by
it's "real" fqdn host.company.com.
Do you create different principals for the different services then?
and for the webserver http/host.company....@internal.ipa
And make sure there are SRV/TXT records for the INTERAL.IPA in the company.com
Freeipa-users mailing list