On Thu, 2011-05-26 at 05:51 +0000, Steven Jones wrote: > Quickly as Im late. > > We are setting up cross realm from AD to a school who runs MIT Kerberos with > openldap underneath....A windows client in our domain can then connect to a > school resource where its connected to the school's centralised setup.... > > So its possible, yes. > > Not with freeipa from what Ive seen posted, yet...next version I am assuming > so.
Freeipa does not give you UI or tools to do it, although creating a Kerberos trust is a very simple matter using kadmin.local to create the proper principals. Everything else would work like in the Kerberos+openldap setup in the school you meantion. So it is technically possible, we simply do not yet make it easy for you by providing wrappers. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users