@redhat.com
Subject: Re: [Freeipa-users] proxy with Active Directory
On Wed, 2012-05-09 at 14:19 -0400, Sylvain Angers wrote:
Hello
Our security group have concern with copying username/password from
from AD and might not allow this synchronisation to even happen.
Is there a way to configure ipa
@redhat.com
Subject: Re: [Freeipa-users] proxy with Active Directory
On Wed, 2012-05-09 at 14:19 -0400, Sylvain Angers wrote:
Hello
Our security group have concern with copying username/password from
from AD and might not allow this synchronisation to even happen.
Is there a way to configure
On Thu, 2012-05-10 at 09:27 -0700, Brian Cook wrote:
THe problem with the cross realm trust support as I understand it is
that it requires you to populate posix attributes in AD, which many AD
admins are hesitant to do. You have to install the AD services for
unix pack and create metadata
Hi,
My understanding is passync intercepts the password before its encrypted in AD
and written to the AD's ldap db/disk it cant be decrypted thereafter. It then
sends the plain text password via an encrypted link to IPA, so its pretty safe.
No there is no easy way I know of, though its
Sylvain Angers wrote:
Hello
Our security group have concern with copying username/password from from
AD and might not allow this synchronisation to even happen.
Is there a way to configure ipa to go get username/password via kind of
proxy?
No, the Kerberos credentials don't use the password
On 05/09/2012 03:11 PM, Steven Jones wrote:
Hi,
My understanding is passync intercepts the password before its
encrypted in AD
Yes.
and written to the AD's ldap db/disk
PassSync writes it to a log file on the windows machine, not to the ldap db.
it cant be decrypted thereafter.
...@redhat.com]
Sent: Thursday, 10 May 2012 10:15 a.m.
To: Sylvain Angers
Cc: Freeipa-users@redhat.com
Subject: Re: [Freeipa-users] proxy with Active Directory
On Wed, 2012-05-09 at 14:19 -0400, Sylvain Angers wrote:
Hello
Our security group have concern with copying username/password from
from AD