[Freeipa-devel] [PATCH] 530 make client machine cert nickname more unique
Rob Crittenden
rcritten at redhat.com
Fri Sep 17 21:21:52 UTC 2010
Adam Young wrote:
> On 09/17/2010 04:36 PM, Rob Crittenden wrote:
>> We issue a server certificate into /etc/pki/nssdb when a client is
>> enrolled. Use a more unique nickname of 'IPA Machine Certificate -
>> <fqdn>' rather than Server-Cert.
>>
>> rob
>>
>>
>> _______________________________________________
>> Freeipa-devel mailing list
>> Freeipa-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-devel
> ACK, but you should consider a follow on patch that only sleeps on the
> failure case
I used a while loop instead. The problem is that it takes some cycles to
bring sssd (or make the nss_ldap connection) so sometimes the 'getent
passwd admin' fails.
Pushed to master.
rob
More information about the Freeipa-devel
mailing list