Project

General

Profile

Feature #8595

Support realm proxy on host that isn't enrolled to FreeIPA

Added by Dominic Cleal almost 6 years ago.

Status:
New
Priority:
Low
Assignee:
-
Category:
Realm
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Pull request:
Fixed in Releases:
Found in Releases:

Description

The freeipa realm provider checks /etc/ipa/default.conf for information about the FreeIPA server, which assumes the host that the proxy is running on is enrolled to the realm - usually the smart proxy would run on the FreeIPA server anyway, by design.

In theory though, it could be set up remotely with a keytab and perhaps derive the server name from configuration or discovery.

Also available in: Atom PDF