How to authenticate users with Kerberos when port 88 is not available in a DMZ? Use an HTTPS server as a proxy. IPA comes with an integrated KDC Proxy and it’s simple to make use of it. A typical use case is a cross-domain trust with AD, where the Linux clients are not allowed to ….Read More
Year: 2021
Using DNSSEC with (Free) IPA
The DNS infrastructure contains a growing number of critical information such as services records pointing to authentication services, TLSA records, SSH fingerprints and the like. DNSSEC signs this information, the client can trust the information DNS sends. It protects against forged information through cache poisoning. This article shows how to achieve a DNSSEC protected DNS ….Read More