Jessie Floyd wrote:
I've been working on a project where I have multiple IPA domains which
can't be connected due to scope and purpose of each domain. Ideally I
would like to replicte a single user's password from a core domain
server to a satellite ipa domain. I've learned that the password hash
is not a traditional hash and cant be replicated without some additional
work. My primary site is a multi-master and the satellite site has its
own multi-master configuration. As an example I have an intranet server
which hosts multiple users and a DMZ domain where a limited set of
admins work. How can I replicate an intranet user from the inside to
the DMZ? Any pointers or ideas would be helpful.
I'm not entirely clear what it is you want/need to do.
Do you want to set up some sort of fractional replication that
replicates only passwords, and the raw hashes at that? That would do you
no good when it comes to Kerberos.
Freeipa-users mailing list