On 28.01.19 12:42, Alexander Bokovoy wrote:
On ma, 28 tammi 2019, Ronald Wimmer via FreeIPA-users wrote:
[...]
> Is there any experience on how to deal with such a situation?
Really depends on where these existing clients are located and what is
their function. Do they belong to some other Kerberos realm already?
Like some Active Directory domain?
Some scenarios are covered by
https://rhelblog.redhat.com/2016/07/13/i-really-cant-rename-my-hosts/
and related articles linked from that blog.
It looks like option 3b from your link would work. I do not care if I
lose Kerberos functionality. What I do care about is if I still have the
possibility to use
- IPA users for logging in on these systems
- users coming form AD
- sudo rules
- HBAC rules
Cheers,
Ronald