[Freeipa-devel] CSR autogeneration next steps
Fraser Tweedale
ftweedal at redhat.com
Mon Dec 12 12:49:27 UTC 2016
(This is a tangential discussion, but...)
On Mon, Dec 12, 2016 at 09:52:02AM +0100, Jan Cholasta wrote:
> IMO profile ID should default to caIPAserviceCert on the client as well.
>
NACK. Default profile (although fixed at the present time) should
be considered server-side policy. If we eventually make it
configurable, we don't want older clients overriding it.
Thanks,
Fraser
More information about the Freeipa-devel
mailing list