On Fri, Feb 03, 2017 at 02:04:55PM -0200, Raul Dias wrote: > Hello, > > Can ipa-client (e.g., anotebook) be in more than one realm? e.g. depending > on the network where it is connected. > > -rsd >
> -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go to http://freeipa.org for more info on the project Hello! It depends what are you expectation about features that will be available on such client. If you just want to be able to obtain Kerberos ticket for a user on the client it will work even without FreeIPA (assuming DNS records for Kerberos are in place). Enrolling the client to two FreeIPA domains is theoretically doable but: a) would require some experimentation and manual tinkering, b) may bring security issues (e.g. sharing the same Kerberos key with both domains), c) will likely result in weird behavior, d) is definitelly not supported nor encouraged. -- David Kupka
signature.asc
Description: PGP signature
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project