On 07/18/2016 03:57 PM, Rob Crittenden wrote: > Grant Wu wrote: >> Thanks for the information. Do you know if there are any plans to >> support cross-realm trust with general KDCs? > > https://fedorahosted.org/freeipa/ticket/4867 > > rob
In general, IPA contains krb5 component which can be in theory configured to trust other krb5 KDC. But this procedure is manual. IPA doesn't provide any tooling to easy it and it is not tested therefore not supported. The general Kerberos realm trust is not planned for any upcoming release mostly because we don't see a big demand for it. Feel free to cc yourself or add comment to https://fedorahosted.org/freeipa/ticket/4917 It will raise the visible demand. Ticket 4867 is different, it is about IPA-IPA trusts where the scope is more confined. It may or may not(more probable) allow the trust with general KDC as a side effect. Demand for IPA-IPA trust is raising so it is definitively on our radar and has a chance to be implemented in some of upcoming releases. For completeness, there is also a RFE to support IPA-SAMBA 4 DC trusts: https://fedorahosted.org/freeipa/ticket/4866 -- Petr Vobornik -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project