On Tue, 07 Apr 2015, Andrey Ptashnik wrote:
I’m wondering if establishing two way trust or one way trust in
upcoming 4.2 release somehow is going to affect FreeIPA feature set,
like ability to add windows groups to external groups or anything else
I may not think of right now?
No, it should not affect existing feature set. There will be some
tightening of access controls for how administrative tasks would be done
to some degree but they already required admin privileges anyway so it
is not a change in functionality.
Our Windows security team is expressing concerns about two way trust
and we are planning to switch to one way when it becomes available. I’m
trying to find out what could be affected.
Nothing really changes between current use of two-way trust and a future
one-way trust in a sense of what is already available to IPA side to
look up on AD side.
/ Alexander Bokovoy
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project