On 29 Jan 2018, at 12:31, Alexander Bokovoy <abokovoy@redhat.com> wrote:On ma, 29 tammi 2018, Alexandre Cardoso wrote:Hi,You cannot change Kerberos realm after the deployment.
We have 2 major projects with several servers each project until now we
only have one IPA server and want to implement a second one in other
site for the other project and want to implement it also as a failover
to the other IPA server site.
So if I can have 2 domains and if possible to change the realm I would
reconfigure the already in place IPA to have an general realm and when
installing ida-replica-install in the new server I can have a different
domain and use the general realm right?
You can add more IPA replicas in other DNS domains, no problem.After that the clients will reach each other via DNS query right?Yes.
Thanks
AlexOn 29 Jan 2018, at 12:19, Alexander Bokovoy <abokovoy@redhat.com> wrote:
On ma, 29 tammi 2018, Alexandre Cardoso wrote:Hummm.that is bad…for me…I don't think so. If you have different realms, you are dealing with two
Is that a way I can change the already in place Realm without affecting
existing users/hosts so I can adapt to multi site/domain?
different deployments that are unrelated to each other.
What these realms represent? Two different IPA deployments or something
else? A bit of context would have helped.
Thanks
AlexOn 29 Jan 2018, at 10:45, Alexander Bokovoy <abokovoy@redhat.com> wrote:
On ma, 29 tammi 2018, Alexandre Cardoso wrote:Thanks Alexander,IPA only supports a single Kerberos realm.
And if I have different realms this can work?
--
/ Alexander Bokovoy
--
/ Alexander Bokovoy
--
/ Alexander Bokovoy