On 11/05/2013 02:05 PM, EP wrote:
> Thanks for your answers so far.
>
> A question about cross realm trusts though: This requires the AD servers to
> be available when doing a login via FreeIPA, right? Or is FreeIPA caching
> information from AD?
>
> We don't want Linux logins to be dependent on a Windows server being
> available, that won't end well :)

Yes, it is, because the authentication actually happens against the domain the user belongs to. If the user is in AD, then AD will authenticate the user, and then the tickets will be exchanged between domains to allow the user to access services in other domains. If you want users to be in IPA, then you would have to sync.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
