Yes, sorry, I should expand on my question: as per Josh's point, my scenario also has an AD trust involved. I recently learned of KDC proxying, but I am not sure if replicas and KDC proxies are the preferred/accepted design solutions for DMZs.

Aly

On Wed, Oct 7, 2015 at 1:18 PM, Baird, Josh <[email protected]> wrote:

> I'm also interested in how people are handling this - especially when
> using AD Trusts.
>
> When using a trust, the IPA host not only has to communicate with IPA
> servers, but with potentially every AD domain controller in your HUB site.
> For us, this is a large number of domain controllers which means we would
> need a large number of ACLs on our firewalls to permit the IPA DMZ client
> access to the AD domain controllers.
>
> Any suggestions?
>
> Thanks,
>
> Josh
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Aly Khimji
> *Sent:* Wednesday, October 07, 2015 1:12 PM
> *To:* [email protected]
> *Subject:* [Freeipa-users] FreeIPA DMZ topology
>
> Hey guys,
>
> Question for you, would having a replica be the ideal solution for
> authorizing hosts in a DMZ?
>
> Do you have any use cases for DMZ access/authorization or topologies you
> can share for DMZ zones where FreeIPA is used?
>
> Aly
