[Freeipa-devel] CSR autogeneration next steps
Fraser Tweedale
ftweedal at redhat.com
Mon Dec 12 13:22:59 UTC 2016
On Mon, Dec 12, 2016 at 02:04:37PM +0100, Jan Cholasta wrote:
> On 12.12.2016 13:49, Fraser Tweedale wrote:
> > (This is a tangential discussion, but...)
> >
> > On Mon, Dec 12, 2016 at 09:52:02AM +0100, Jan Cholasta wrote:
> > > IMO profile ID should default to caIPAserviceCert on the client as well.
> > >
> > NACK. Default profile (although fixed at the present time) should
> > be considered server-side policy. If we eventually make it
> > configurable, we don't want older clients overriding it.
>
> I didn't mean the default value should be overriden on the clients, just
> that profile ID should stay optional on the client and use the default
> profile ID when unspecified.
>
OK, thanks for clarifying.
> >
> > Thanks,
> > Fraser
> >
>
>
> --
> Jan Cholasta
More information about the Freeipa-devel
mailing list