Hi,
Is it possible to enrol a host using `ipa-client-install` behind a TLS proxy?
I need to enrol hosts that can only reach `my.proxy.host:443` due to networking
constraints.
I see there is MS-KKDCP for kinit, kpasswd etc.
We don't have much need for Kerberos ATM and are mainly using user, group lookups
along with SSH pubkeys and Sudo rules.
I'm assuming that at the very least we are using 389/636 for the above lookups? Then
you would at least have to proxy your LDAPS?
I have not done a `tcpdump` yet to ascertain what ports are in use.
Thank you.
Show replies by thread