[Freeipa-devel] [freeipa PR#694][comment] RFC: implement local PKINIT deployment in server/replica install

HonzaCholasta freeipa-github-notification at redhat.com
Fri Apr 28 08:39:11 UTC 2017


  URL: https://github.com/freeipa/freeipa/pull/694
Title: #694: RFC: implement local PKINIT deployment in server/replica install

HonzaCholasta commented:
"""
master:

* b1a1e104391c84cb9af7b0a7c8748c8652442ddb separate function to set ipaConfigString values on service entry
* fb52f7a1f328b126626525179d5250692daca2cd Allow for configuration of all three PKINIT variants when deploying KDC
* 86972299d937960bcb713fc73b447cddb4ea44bd API for retrieval of master's PKINIT status and publishing it in LDAP
* 3adb9ca875f8eb99e99a29e17a471a2b6f408a4a Use only anonymous PKINIT to fetch armor ccache
* 68c6a4d4e1340ce01bdc7ec5dd394604a3da7688 Stop requesting anonymous keytab and purge all references of it
* 2374b648d0dfd08ec4cfbcc35f7987fa8b8a6ffa Use local anchor when armoring password requests
* a194055c92c7ca4eba29323f990ec3b92026221b Upgrade: configure local/full PKINIT depending on the master status
* 960e361f68a3d7acd9bcf16ec6fe8f6d5376c4ae Do not test anonymous PKINIT after install/upgrade


ipa-4-5:

* 31a24436592304db6e84270e4a95df34d1e0af46 separate function to set ipaConfigString values on service entry
* b49e075c90a7ab43e82f422aa11dc7540e2fb2c0 Allow for configuration of all three PKINIT variants when deploying KDC
* a0e2a09292ffa2adbf97c2e7e4facc9693dbc311 API for retrieval of master's PKINIT status and publishing it in LDAP
* fca378c9a65f582ac3dcda4b6201e8847ed9e512 Use only anonymous PKINIT to fetch armor ccache
* 9fcc794dac6ffb1f1cc6c92a588ea0911be5ba14 Stop requesting anonymous keytab and purge all references of it
* 5031929b6d710336f6308d7f46779c9e8e98103a Use local anchor when armoring password requests
* 2452e6e5f3a7e7a25eadf5243a28da75a47f9d2c Upgrade: configure local/full PKINIT depending on the master status
* d497c4589cc7506ef9a88b691b8b1d97ad1f1009 Do not test anonymous PKINIT after install/upgrade


"""

See the full comment at https://github.com/freeipa/freeipa/pull/694#issuecomment-297941980

