On 11/05/2013 02:05 PM, EP wrote:
> Thanks for your answers so far.
>
> A question about cross realm trusts though: This requires the AD servers to 
> be available when doing a login via FreeIPA, right? Or is FreeIPA caching 
> information from AD?
>
> We don't want Linux logins to be dependent on a windows server being 
> available, that won't end well :)

Yes it is because the authentication actually happens against the domain
the user belongs to.
If user is in AD then AD will authenticate the user and then the tickets
will be exchanged between domains to allow user to access services in
other domains.
If you want users to be in IPA then you would have to sync.

>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users


-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.


-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/



_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to