Stephen

> Can you have a domain that belongs to a Kerberos realm with a completely
> different domain? For example, could example.com belong to the
> ANOTHERDOMAIN.COM realm as long as we control DNS for both and have all the
> necessary SRV and TXT records to locate it and krb5.conf is configured
> properly?

This will indeed work. It is, however, highly discouraged by FreeIPA. For example, if you do go this way, you will never be able to establish a trust relationship with Active Directory, as Active Directory will not accept this setup. Also, you will be on untested territory. I don't think many people use this setup, so the code may not be well exercised in such a setup. On the positive side, you could help the FreeIPA project flush out any bug that such a setup may expose.

Regards,
William
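
The question above turns on how a Kerberos client decides which realm a host belongs to. The following is an added example, not part of the thread and not FreeIPA or MIT krb5 code: a simplified model of that lookup (`[domain_realm]` entries in krb5.conf, then `_kerberos` TXT records when `dns_lookup_realm` is enabled, then the upper-cased DNS domain). The function names and all sample data are constructed for illustration.

```python
# Simplified model of host-to-realm resolution; all data is constructed.

# Stand-in for the [domain_realm] section of krb5.conf.
DOMAIN_REALM = {
    ".example.com": "ANOTHERDOMAIN.COM",  # hosts under example.com
    "example.com": "ANOTHERDOMAIN.COM",   # the bare name itself
}

# Stand-in for DNS: _kerberos.<domain> TXT records.
DNS_TXT = {"_kerberos.example.com": "ANOTHERDOMAIN.COM"}


def realm_from_profile(host, domain_realm):
    """Exact host entry first, then '.domain' entries, most specific first."""
    host = host.lower().rstrip(".")
    if host in domain_realm:
        return domain_realm[host]
    labels = host.split(".")
    for i in range(1, len(labels)):
        suffix = "." + ".".join(labels[i:])
        if suffix in domain_realm:
            return domain_realm[suffix]
    return None


def realm_from_dns(host, txt_records):
    """Look for a _kerberos TXT record on the host, then on parent domains."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        name = "_kerberos." + ".".join(labels[i:])
        if name in txt_records:
            return txt_records[name]
    return None


def host_realm(host, domain_realm=DOMAIN_REALM, txt_records=DNS_TXT,
               dns_lookup_realm=False):
    realm = realm_from_profile(host, domain_realm)
    if realm is None and dns_lookup_realm:
        realm = realm_from_dns(host, txt_records)
    if realm is None:
        # No mapping anywhere: fall back to the upper-cased DNS domain.
        realm = host.lower().rstrip(".").split(".", 1)[-1].upper()
    return realm


if __name__ == "__main__":
    for h in ("web.example.com", "example.com", "kdc.anotherdomain.com"):
        print(h, "->", host_realm(h))
```

With neither the mapping nor the TXT record in place, `web.example.com` falls back to `EXAMPLE.COM`, a realm that does not exist in this setup, which is why every client needs one of the two.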