Yes, sorry, I should expand on my question: as per Josh's point, my scenario
also has an AD trust involved.
I recently learned of KDC proxying, but I am not sure if replicas and KDC
proxies are the preferred/accepted design solutions for DMZs.

Aly

On Wed, Oct 7, 2015 at 1:18 PM, Baird, Josh <jba...@follett.com> wrote:

> I'm also interested in how people are handling this - especially when
> using AD Trusts.
>
>
>
> When using a trust, the IPA host not only has to communicate with IPA
> servers, but with potentially every AD domain controller in your HUB site.
> For us, this is a large number of domain controllers which means we would
> need a large number of ACLs on our firewalls to permit the IPA DMZ client
> access to the AD domain controllers.
>
>
>
> Any suggestions?
>
>
>
> Thanks,
>
>
>
> Josh
>
>
>
> *From:* freeipa-users-boun...@redhat.com [mailto:
> freeipa-users-boun...@redhat.com] *On Behalf Of *Aly Khimji
> *Sent:* Wednesday, October 07, 2015 1:12 PM
> *To:* freeipa-users@redhat.com
> *Subject:* [Freeipa-users] FreeIPA DMZ topology
>
>
>
> Hey guys,
>
>
>
> Question for you, would having a replica be the ideal solution for
> authorizing hosts in a DMZ?
>
>
> Do you have any use cases for DMZ access/authorization or topologies you
> can share for DMZ zones where FreeIPA is used?
>
>
>
> Aly
>
>
>
>
>