On Tue, Dec 16, 2014 at 11:28:47AM +0200, Genadi Postrilko wrote:
> In the Windows Integration guide the need for CA is mentioned.
> 
> "Both Active Directory and Identity Management must be configured with
> integrated certificate services."
> 
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#trust-requirements
> 
> I cannot install CA-less IPA if i want to create a Cross realm trust? If
> so, why?
> As far as i understand the Trust is Kerberos based.

Thank you for the feedback. You are correct, CAs are not needed to
create trust. I guess the CA requirement (at least on the Windows side)
came form a time where we might wanted to look up some data in AD which
required an authenticated connection and we only wanted to use
LDAPS/StartTLS for this.

There is ongoing work to improve the Windows Integration Guide, I added
a note so that you comment won't get lost.

bye,
Sumit

> -- 
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go To http://freeipa.org for more info on the project

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to