[Freeipa-devel] [freeipa PR#694][comment] RFC: implement local PKINIT deployment in server/replica install
martbab
freeipa-github-notification at redhat.com
Thu Apr 20 12:54:30 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/694
Title: #694: RFC: implement local PKINIT deployment in server/replica install
martbab commented:
"""
We can query that PKINIT was not configured at all by a) checking the presence of KDC keypair, b) checking the sysupgrade (no presence of pkinit flag implies no configuration is present), and c) querying LDAP (no presence of ipaConfigString) so we have multiple redundant ways to determine that PKINIT is not configured at all.
As for the removal of pkinit status, I intend to replace the existing command by `ipa pkinit-status` as a follow-up PR once this one is merged.
I will then update the design page to reflect this discussion and update the implementation in this PR.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/694#issuecomment-295727092
More information about the Freeipa-devel
mailing list