I've got some thoughts on 4-th point: there is a http://pgina.org/ pgina
project, may be them are able to do such thing.

20.02.2014 04:23, Dmitri Pal пишет:
> Hello,
> I want to summarize our position regarding joining Windows systems
> into IPA.
> 1) If you already have AD we recommend using this system with AD and
> using trusts between AD and IPA.
> 2) If you do not have AD then use Samba 4 instead of it. It would be
> great when Samba 4 grows capability to establish trusts. Right now it
> can't but there is an effort going on. If you are interested - please
> contribute.
> 3) If neither of the two options work for you you can configure
> Windows system to work directly with IPA as described on the wiki. It
> is an option of last resort because IPA does not provide the services
> windows client expects. If this is good enough for you, fine by us.
> 4) Build a native Windows client (cred provider) for IPA using latest
> Kerberos. IMO this would be really useful if someone does that because
> we will not build this ourselves. With the native OTP support in IPA
> it becomes a real business opportunity to provide a native 2FA inside
> enterprise across multiple platforms. But please do it open source way
> otherwise we would not recommend you ;-)

Freeipa-users mailing list

Reply via email to