[Freeipa-devel] [PATCH] Password vault
Endi Sukma Dewata
edewata at redhat.com
Tue Jun 2 00:02:34 UTC 2015
On 5/28/2015 12:46 AM, Jan Cholasta wrote:
>> On a related note, since KRA is optional, can we move the vaults
>> container to cn=kra,cn=vaults? This is the convetion used by the other
>> optional components (DNS and recently CA).
>
> I mean cn=vaults,cn=kra of course.
If you are talking about the o=kra,<PKI suffix>, I'm not sure whether
the IPA framework will work with it.
If you are talking about adding a new cn=kra,<IPA suffix> entry on top
of cn=vaults, what is the purpose of this entry? Is the entry going to
be created/deleted automatically when the KRA is installed/removed? Is
it going to be used for something else other than vaults?
There are a lot of questions that need to be answered before we can make
this change. We probably should revisit this issue after the core vault
functionality is added.
--
Endi S. Dewata
More information about the Freeipa-devel
mailing list