Hello,
we plan to deploy an IPA (Red Hat IdM) trust with an AD domain, but at the moment
we are kind of confused about what type of trust we will need to deal with.
In the Red Hat documentation we get the information that:

"... Trusts, then, are essentially unidirectional. Active Directory users
can access IdM resources and services, but IdM users cannot access Active
Directory resources... "
(https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/active-directory-trust.html)

On the other hand, when I configure the trust I can clearly see that it is
actually bidirectional:
[root@ipaserver ~]# ipa trust-add --type=ad adexample.com --admin Administrator --password
------------------------------------------------------
Added Active Directory trust for realm "adexample.com"
------------------------------------------------------
  Realm name: adexample.com
  Domain NetBIOS name: ADEXAMPLE
  Domain Security Identifier: S-1-5-21-1689615952-3716327440-3249090444
  Trust direction: Two-way trust
  Trust type: Active Directory domain
  Trust status: Established and verified

I'm afraid that our Windows department will complain and consider this a
security issue.

Is there anybody who could help me understand this?

Thanks!

All the best.

Jan