At work, I manage a small lab that is used by my team (< 10 people). All lab users are currently managed in the lab FreeIPA, but we all use it extensively, so creating separate credentials for the lab isn't overly burdensome.
We're now expanding the lab, and the number of users who may need access to it at some point is set to grow dramatically. Additionally, many of these people are likely to be "one shot" users; they will need access to some lab resources for a week or so and then not use it again for months. For these users, I would *really* like to avoid the usual user creation/password reset dance.
Fortunately(?) all of these users already have credentials in our corporate IPA infrastructure. Is it possible to define users in the local IdM server that will use the corporate server for authentication?
Ian Pilcher via FreeIPA-users wrote:
At work, I manage a small lab that is used by my team (< 10 people). All lab users are currently managed in the lab FreeIPA, but we all use it extensively, so creating separate credentials for the lab isn't overly burdensome.
We're now expanding the lab, and the number of users who may need access to it at some point is set to grow dramatically. Additionally, many of these people are likely to be "one shot" users; they will need access to some lab resources for a week or so and then not use it again for months. For these users, I would *really* like to avoid the usual user creation/password reset dance.
Fortunately(?) all of these users already have credentials in our corporate IPA infrastructure. Is it possible to define users in the local IdM server that will use the corporate server for authentication?
There is no IPA-to-IPA trust yet. Once true two-way IPA to AD trust is done that brings us a lot closer to IPA-to-IPA but there is still a bit of work to happen. There is no ETA.
rob
freeipa-users@lists.fedorahosted.org
-
Ian Pilcher -
Rob Crittenden