[Freeipa-users] Two way trust vs one way trust and IPA features

2015-04-07 Thread Andrey Ptashnik
Hello,

I’m wondering if establishing two-way trust or one-way trust in the upcoming 4.2 
release is somehow going to affect the FreeIPA feature set, like the ability to add 
Windows groups to external groups or anything else I may not think of right now?

Our Windows security team is expressing concerns about two way trust and we are 
planning to switch to one way when it becomes available. I’m trying to find out 
what could be affected.

Regards,
Andrey

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Two way trust vs one way trust and IPA features

2015-04-07 Thread Alexander Bokovoy

On Tue, 07 Apr 2015, Andrey Ptashnik wrote:

> Hello,
>
> I’m wondering if establishing two-way trust or one-way trust in the
> upcoming 4.2 release is somehow going to affect the FreeIPA feature set,
> like the ability to add Windows groups to external groups or anything else
> I may not think of right now?

No, it should not affect the existing feature set. There will be some
tightening of access controls for how administrative tasks would be done
to some degree, but they already required admin privileges anyway, so it
is not a change in functionality.


> Our Windows security team is expressing concerns about two way trust
> and we are planning to switch to one way when it becomes available. I’m
> trying to find out what could be affected.

Nothing really changes between the current use of two-way trust and a future
one-way trust in the sense of what is already available to the IPA side to
look up on the AD side.

--
/ Alexander Bokovoy
