Hi, On Fri, May 8, 2020 at 3:18 PM Angus Clarke via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
> We run out IPA infrastructure globally with VPN connected sites, no issue > there. I don't have experience of road warrior VPN clients though. I'm not > sure how IPA behaves when hosts connect with possibly different FQDNs for > example. > I have my laptop joined to a FreeIPA domain and it often moves to different networks where it has different FQDNs. It shows up as hostname.ipadomain in FreeIPA (which doesn't match its name on the networks) and I've never had any issue- I suspect client hostnames are not really important. I do run a publicly accessible FreeIPA instance- it's personal, not commercial, so I'm willing to assume the risks. There are hardening sections in the official docs, although at no point there's explicit information about whether it's safe or not to expose FreeIPA to the Internet. In discussions here I think it's widely considered that you shouldn't do that, though. I'd love that to be a feature, but I understand in most places it's not an issue. Cheers, Álex
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
