
I have a trust setup between two Windows 2008 Active Directory forests. My domains are "local.ad" and "remote.ad". All of my corporate users belong to the remote.ad forest.

I have to add the "Identity Management for Unix" (IMU) role to one of the AD servers to allow for Kerberos auth logins on Linux. The admin of remote.ad is unable to add IMU on remote.ad because of insert_excuse_here.

Is it possible to add IMU to my server, local.ad, create a "clone" of user11@remote.ad, add the Unix Authentication Role, but somehow tell local.ad that the password for the user is actually in remote.ad?

What I'm dreaming of is managing the Unix groups and users from local.ad, but having authentication actually proxied/delegated to remote.ad.


1 Answer


As it turns out Microsoft has deprecated the IMU Server role on Server 2012! I ended up going with Pass-Through Authentication on a Linux-based OpenLDAP server to pass the user credentials back to AD. The POSIX attributes are then maintained in OpenLDAP, negating any dependency on AD.
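The setup the answer describes, as an added example that is not part of the original answer: OpenLDAP keeps the POSIX account entry, and each entry's `userPassword` is a `{SASL}user@REALM` reference rather than a stored hash, so slapd hands every simple bind to Cyrus `saslauthd`, which checks the password with an LDAP bind against the trusted AD forest. The hostnames (`dc1.remote.ad`), realm (`REMOTE.AD`), base DNs, the read-only service account `svc_ldap_bind` and the sasl2 config paths are all assumptions (paths differ by distribution); the functions below only generate the files into a staging directory for review.

```shell
#!/bin/sh
# Added example: OpenLDAP pass-through authentication to a trusted AD forest
# via Cyrus saslauthd (MECH=ldap). Not the answer author's own config.
# Assumed names: AD DC dc1.remote.ad, realm REMOTE.AD, AD base DC=remote,DC=ad,
# read-only bind account svc_ldap_bind, OpenLDAP suffix dc=local,dc=ad.

# /etc/saslauthd.conf: saslauthd finds the AD object by sAMAccountName and
# verifies the password by binding as that user. %u is the user part of the
# "{SASL}user@realm" reference slapd passes in. LDAPS with CA pinning stops a
# spoofed DC from answering the password check.
saslauthd_conf() {
cat <<'EOF'
ldap_servers: ldaps://dc1.remote.ad
ldap_search_base: DC=remote,DC=ad
ldap_filter: (sAMAccountName=%u)
ldap_bind_dn: CN=svc_ldap_bind,CN=Users,DC=remote,DC=ad
ldap_bind_pw: CHANGE_ME_PLACEHOLDER
ldap_auth_method: bind
ldap_tls_check_peer: yes
ldap_tls_cacert_file: /etc/ssl/certs/remote-ad-ca.pem
EOF
}

# slapd's Cyrus SASL config (/usr/lib/sasl2/slapd.conf or /etc/sasl2/slapd.conf):
# route password checks for {SASL} userPassword values to the saslauthd socket.
slapd_sasl_conf() {
cat <<'EOF'
pwcheck_method: saslauthd
saslauthd_path: /var/run/saslauthd/mux
EOF
}

# POSIX account kept in OpenLDAP; the password never lives here, only the
# pointer to the AD identity. Usage: user_ldif <uid> <uidNumber> <gidNumber>
user_ldif() {
  uid=$1; uidn=$2; gidn=$3
cat <<EOF
dn: uid=$uid,ou=People,dc=local,dc=ad
objectClass: inetOrgPerson
objectClass: posixAccount
uid: $uid
cn: $uid
sn: $uid
uidNumber: $uidn
gidNumber: $gidn
homeDirectory: /home/$uid
loginShell: /bin/bash
userPassword: {SASL}$uid@REMOTE.AD
EOF
}

# Audit check: succeed only when every userPassword in an LDIF is a {SASL}
# reference. A locally stored hash would bypass AD's password policy and
# lockout, which is exactly what pass-through is meant to avoid.
ldif_all_passthrough() {
  ! grep -i '^userPassword:' "$1" | grep -vqF '{SASL}'
}

# Write all three files into a staging directory for review before deployment.
write_all() {
  dir=$1
  mkdir -p "$dir"
  saslauthd_conf > "$dir/saslauthd.conf"
  slapd_sasl_conf > "$dir/slapd.conf"
  user_ldif user11 10011 10000 > "$dir/user11.ldif"
  chmod 600 "$dir/saslauthd.conf"   # holds the bind password
  echo "staged in $dir"
}

# Run as: sh passthrough.sh ./staging   (no arguments: define functions only)
if [ "$#" -gt 0 ]; then
  write_all "$1"
fi
```

After copying the staged files into place and starting `saslauthd` with `MECH=ldap`, verify the chain end to end: `testsaslauthd -u user11 -p '<AD password>'` exercises only saslauthd against AD, and `ldapwhoami -x -D uid=user11,ou=People,dc=local,dc=ad -W` exercises slapd's pass-through. Because the bind is evaluated by AD, a disabled or locked-out AD account is immediately refused on the Linux side as well; the service account needs only read access to the user objects, and the file carrying its password should be readable by the saslauthd user alone.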
