On 07/18/2016 03:57 PM, Rob Crittenden wrote:
> Grant Wu wrote:
>> Thanks for the information.  Do you know if there are any plans to
>> support cross-realm trust with general KDCs?
> https://fedorahosted.org/freeipa/ticket/4867
> rob

In general, IPA contains krb5 component which can be in theory
configured to trust other krb5 KDC. But this procedure is manual. IPA
doesn't provide any tooling to easy it and it is not tested therefore
not supported. The general Kerberos realm trust is not planned for any
upcoming release mostly because we don't see a big demand for it. Feel
free to cc yourself or add comment to
https://fedorahosted.org/freeipa/ticket/4917 It will raise the visible

Ticket 4867 is different, it is about IPA-IPA trusts where the scope is
more confined. It may or may not(more probable) allow the trust with
general KDC as a side effect. Demand for IPA-IPA trust is raising so it
is definitively on our radar and has a chance to be implemented in some
of upcoming releases.

For completeness, there is also a RFE to support IPA-SAMBA 4 DC trusts:
Petr Vobornik

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to