On Tue, Dec 16, 2014 at 11:28:47AM +0200, Genadi Postrilko wrote: > In the Windows Integration guide the need for CA is mentioned. > > "Both Active Directory and Identity Management must be configured with > integrated certificate services." > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#trust-requirements > > I cannot install CA-less IPA if i want to create a Cross realm trust? If > so, why? > As far as i understand the Trust is Kerberos based.
Thank you for the feedback. You are correct, CAs are not needed to create trust. I guess the CA requirement (at least on the Windows side) came form a time where we might wanted to look up some data in AD which required an authenticated connection and we only wanted to use LDAPS/StartTLS for this. There is ongoing work to improve the Windows Integration Guide, I added a note so that you comment won't get lost. bye, Sumit > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project