[Freeipa-devel] [PATCH] 197 Track DS certificate with certmonger on replicas
Jan Cholasta
jcholast at redhat.com
Thu Oct 17 14:45:30 UTC 2013
On 17.10.2013 15:40, Rob Crittenden wrote:
> Jan Cholasta wrote:
>> Hi,
>>
>> the attached patch fixes <https://fedorahosted.org/freeipa/ticket/3975>.
>
> Just thinking out loud here, haven't tried it...
>
> What about creating a replica on a non-CA host, I think it wouldn't be
> tracked.
AFAIU cacert.p12 is always put in the replica info file, it does not
matter whether ipa-replica-prepare is run on a CA host or not (see
ReplicaPrepare.copy_ds_certificate:
<https://git.fedorahosted.org/cgit/freeipa.git/tree/ipaserver/install/ipa_replica_prepare.py#n280>).
>
> Can you use the value or existence of api.env.ra_plugin instead?
>
> rob
--
Jan Cholasta
More information about the Freeipa-devel
mailing list