In a previous life, I was DNS hostmaster for a large Fortune-rated firm for
about a year. We used views in the typical way (internal vs external), but
we also had a third view, in which we black-holed domains known to either
propagate viruses or to be used for CC. We would forward the traffic to
The most straightforward and maintainable (from the point of view of sensible
and obvious data) is to have two FreeIPA domains, each with Krb5 realm the same
as its DNS domain, and then setup cross-realm Krb trusts.
HTH
-DTK
--
david t. klein
Cisco Certified Network Associate
On Fri, 25 Oct 2013, david t. klein wrote:
The most straightforward and maintainable (from the point of view of
sensible and obvious data) is to have two FreeIPA domains, each with
Krb5 realm the same as its DNS domain, and then setup cross-realm Krb
trusts.
Right now FreeIPA does not support
Hello,
On 25.10.2013 13:28, david t. klein wrote:
In a previous life, I was DNS hostmaster for a large Fortune-rated firm for
about a year. We used views in the typical way (internal vs external), but
we also had a third view, in which we black-holed domains known to either
propagate viruses or
Thomson, Ryan wrote:
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Thursday, October 24, 2013 11:41 AM
To: Thomson, Ryan; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Failure decoding Certificate Signing Request
Thomson, Ryan wrote:
-Original
-Original Message-
From: Rob Crittenden [mailto:rcrit...@redhat.com]
Sent: Friday, October 25, 2013 10:54 AM
To: Thomson, Ryan; freeipa-users@redhat.com
Subject: Re: [Freeipa-users] Failure decoding Certificate Signing Request
Thomson, Ryan wrote:
-Original Message-