Proposed F19 Feature: FreeIPA v3 Trust Improvements
jreznik at redhat.com
Wed Jan 23 13:48:08 UTC 2013
As decided by FESCo at the 2012-12-05 meeting, all proposed Features are required
to pass through the community review by announcing them on the devel-announce list.
FESCo votes on new features no sooner than a week from the announcement.
= Features/IPAv3TrustImprovements =
Feature owner(s): Alexander Bokovoy <abokovoy at redhat.com>
Multiple Domain Controllers and multiple additional DNS domains managed by
FreeIPA can now be accessed via a trust relationship by Active Directory
domain members. Additionally, a Global Catalog service is provided for use by
AD clients, allowing FreeIPA users to be included in access-control lists
of AD resources.
== Detailed description ==
In Fedora 18, only a single designated Domain Controller in a FreeIPA realm is
supported for interoperability with Active Directory, and only a primary DNS
domain associated with the FreeIPA realm is advertised to the trusted party.
With the changes coming in a future FreeIPA release, support for multiple
domain controllers per FreeIPA realm and multiple DNS domain suffixes associated
with the realm will be available. FreeIPA will also provide a Global Catalog
service implementation, which is a key feature to allow discretionary access to
Active Directory resources for FreeIPA users --- making possible, for example,
interactive logon to Windows machines under a FreeIPA identity.