[Freeipa-devel] [freeipa PR#694][edited] RFC: implement local PKINIT deployment in server/replica install

martbab freeipa-github-notification at redhat.com
Thu Apr 6 17:47:45 UTC 2017


   URL: https://github.com/freeipa/freeipa/pull/694
Author: martbab
 Title: #694: RFC: implement local PKINIT deployment in server/replica install
Action: edited

 Changed field: body
Original value:
"""
This PR implements a basic local PKINIT functionality for server install with
'--no-pkinit' specified, and replica install against older masters or with
'--no-pkinit'.

These patches unblock WebUI logins/password auths on masters/replicas in
cases where proper PKINIT was not configured for whatever reason.

Nevertheless, the following things are lacking in this PR; I will either
push them on top of this one or create a new PR:

- [x] removal of anonymous keytab, as it is now useless (and always was)
- [x] upgrade and transitions between PKINIT configurations
- [ ] reporting PKINIT state in LDAP
- [ ] API for querying the PKINIT status on all masters

http://www.freeipa.org/page/V4/Kerberos_PKINIT
"""


