The most straightforward and maintainable (from the point of view of sensible 
and obvious data) is to have two FreeIPA domains, each with Krb5 realm the same 
as its DNS domain, and then setup cross-realm Krb trusts.



david t. klein

Cisco Certified Network Associate (CSCO11281885)
Linux Professional Institute Certification (LPI000165615)
Redhat Certified Engineer (805009745938860)

Quis custodiet ipsos custodes?

-----Original Message-----
[] On Behalf Of Trevor T Kates (Services 
- 6)
Sent: Thursday, October 17, 2013 9:36 AM
Subject: [Freeipa-users] Using IPA on Two Completely Different Domains


I’m looking for some advice with respect to implementing an IPA solution on two 
different domains. Both domains have names that are completely distinct from 
each other and are out of my control to change. I have IdM 3.0 under CentOS 6.4 
supporting one domain and I’d like to put together another IdM instance for the 
other domain. There is some overlap of users between the two domains. As such, 
I was wondering if the best solution would be to just treat the domains as 
completely distinct and manage the IdM instances separately or if there is a 
way to link them together such that for the users that overlap, modifications 
only need to be made once and in one place.


Trevor T. Kates

CONFIDENTIALITY NOTICE:  This electronic message contains information which may 
be legally confidential and/or privileged and does not in any case represent a 
firm ENERGY COMMODITY bid or offer relating thereto which binds the sender 
without an additional express written confirmation to that effect.  The 
information is intended solely for the individual or entity named above and 
access by anyone else is unauthorized.  If you are not the intended recipient, 
any disclosure, copying, distribution, or use of the contents of this 
information is prohibited and may be unlawful.  If you have received this 
electronic transmission in error, please reply immediately to the sender that 
you have received the message in error, and delete it.  Thank you.

Freeipa-users mailing list
No virus found in this message.
Checked by AVG -
Version: 2013.0.3408 / Virus Database: 3222/6767 - Release Date: 10/20/13

Freeipa-users mailing list

Reply via email to