#4634 [RFE] Support IPA as a member server in AD
Closed: wontfix 5 years ago Opened 9 years ago by dpal.

Extracting note from https://fedorahosted.org/freeipa/ticket/4546#comment:5

Create a solution where IPA is a member server in an AD domain with no trust. It will be a proxy solution and we should use the corresponding terminology. Many deployments have policies that do not allow any kind of trust.

So as we implement #4546 we should all make it possible to not have any trust at all. It is extremely important as there is not much understanding of the details and the T word scares people big time.

Use case: There are client systems that need to be managed for SUDO and authentication centrally. Kerberos authentication would be nice but not required. LDAP authentication is fine. HBAC and SUDO are the additional value. T is not allowed by policy but proxy is fine. People can just connect systems to AD but that would not give them SUDO or HBAC. So having IPA as a simple LDAP proxy + SUDO + HBAC would resonate with a lot of deployments and would make IPA more relevant in more environments.

It would also allow people to later move to some of the trusted models when they get comfortable with trusts and explore their values.


Push out, One Way trust and related are higher priority.

Metadata Update from @dpal:
- Issue assigned to someone
- Issue set to the milestone: Future Releases

7 years ago

Thank you for taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.

Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.

Metadata Update from @rcritten:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

5 years ago
