On Mon, Jan 28, 2019 at 1:02 PM Ronald Wimmer via FreeIPA-users
<freeipa-users(a)lists.fedorahosted.org> wrote:
On 28.01.19 12:42, Alexander Bokovoy wrote:
> On ma, 28 tammi 2019, Ronald Wimmer via FreeIPA-users wrote:
> [...]
>> Is there any experience on how to deal with such a situation?
> Really depends on where these existing clients are located and what is
> their function. Do they belong to some other Kerberos realm already?
> Like some Active Directory domain?
>
> Some scenarios are covered by
>
https://rhelblog.redhat.com/2016/07/13/i-really-cant-rename-my-hosts/
> and related articles linked from that blog.
It looks like option 3b from your link would work. I do not care if I
lose Kerberos functionality. What I do care about is if I still have the
possibility to use
- IPA users for logging in on these systems
- users coming form AD
- sudo rules
- HBAC rules
The thing is, if I'm not mistaken Kerberos is required for sudo and
HBAC to work.
> Cheers,
> Ronald
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
> Fedora Code of Conduct:
https://getfedora.org/code-of-conduct.html
> List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...