[Freeipa-users] Certificate Authorities requirement for Cross realm trust?

2014-12-16 Thread Genadi Postrilko
In the Windows Integration guide the need for CA is mentioned.

Both Active Directory and Identity Management must be configured with
integrated certificate services.

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#trust-requirements

I cannot install CA-less IPA if I want to create a Cross realm trust? If
so, why?
As far as I understand the Trust is Kerberos based.
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Re: [Freeipa-users] Certificate Authorities requirement for Cross realm trust?

2014-12-16 Thread Sumit Bose
On Tue, Dec 16, 2014 at 11:28:47AM +0200, Genadi Postrilko wrote:
> In the Windows Integration guide the need for CA is mentioned.
>
> Both Active Directory and Identity Management must be configured with
> integrated certificate services.
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/Windows_Integration_Guide/index.html#trust-requirements
>
> I cannot install CA-less IPA if I want to create a Cross realm trust? If
> so, why?
> As far as I understand the Trust is Kerberos based.

Thank you for the feedback. You are correct, CAs are not needed to
create trust. I guess the CA requirement (at least on the Windows side)
came from a time when we might have wanted to look up some data in AD which
required an authenticated connection and we only wanted to use
LDAPS/StartTLS for this.

There is ongoing work to improve the Windows Integration Guide, I added
a note so that your comment won't get lost.

bye,
Sumit
