[Freeipa-devel] [PATCH] 604 revoke certs when disabling and deleting hosts
Simo Sorce
ssorce at redhat.com
Thu Nov 18 17:22:01 UTC 2010
On Fri, 05 Nov 2010 15:20:27 -0400
Rob Crittenden <rcritten at redhat.com> wrote:
> When a host is deleted we revoke its certificate, if any.
>
> When a host keytab is disabled we disable all the keytabs and revoke
> the certificates of its services.
>
> I've also tried to make it more universal to display certificate
> details when viewing a record with a certificate in it.
>
> rob
a. needs rebase (I did a rebase on my own, hopefully the next point was
not because of that)
b. after some fiddling and testing ipa host-disable seem to return a
bogus error of: ipa: ERROR: no modifications to be performed
and if tried again: ipa: ERROR: This entry is already disabled
Possibly the first error was returned because the service I took a cert
for (to test the cert was removed on disabling, which it was) didn;t
have a keytab associated.
So NACK on this error, but the general approach looks good.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list