[Freeipa-devel] CSR autogeneration next steps
Jan Cholasta
jcholast at redhat.com
Mon Dec 12 13:04:37 UTC 2016
On 12.12.2016 13:49, Fraser Tweedale wrote:
> (This is a tangential discussion, but...)
>
> On Mon, Dec 12, 2016 at 09:52:02AM +0100, Jan Cholasta wrote:
>> IMO profile ID should default to caIPAserviceCert on the client as well.
>>
> NACK. Default profile (although fixed at the present time) should
> be considered server-side policy. If we eventually make it
> configurable, we don't want older clients overriding it.
I didn't mean the default value should be overriden on the clients, just
that profile ID should stay optional on the client and use the default
profile ID when unspecified.
>
> Thanks,
> Fraser
>
--
Jan Cholasta
More information about the Freeipa-devel
mailing list