2

FreeIPA has built-in commands to set up a trust relationship with an Active Directory server. Is there also a way to configure a trust with another FreeIPA server?

I want to simulate the scenario where personal users are authenticated through a corporate (LDAP + Kerberos) directory but service accounts and NPAs are kept in a local Kerberos realm.

frasertweedale
Hellmar Becker

2 Answers

3

No, right now FreeIPA does not support trust with another FreeIPA deployment.

abbra
0

It is not a problem to create a trust between two or more realms, because it is a standard KADMIN principal solution described in many Oracle and IBM articles and Red Hat forums. If you want PAM and Linux users, you have to extend the FreeIPA community code with your own IPA-IPA class or develop your own sssd plugin. I don't know why the community has done nothing after 2 major CentOS versions were released, but it is the easiest task when you have skills in C and Python.