[Freeipa-devel] [PATCHES] 0197-0204 Installing without a CA, with custom SSL certs
Martin Kosek
mkosek at redhat.com
Fri Mar 22 08:19:44 UTC 2013
On 03/21/2013 05:39 PM, Petr Viktorin wrote:
> [...]
>
> another thing: When drafting the feature page, I realized the
> --{http,dirsrv}_pin options are unfortunate. Giving the passwords in command
> line options is unsafe.
>
> I'd like to replace them with --{http,dirsrv}-pin-file, with prompting if
> they're not given.
>
How is that different from -p DM_PASSWORD and -a ADMIN_PASSWORD? They also
cannot be read from file. I think these options would cause inconsistency with
the rest of our password options in ipa-{server,client,replica}-install. It
also seems as inconvenience to me as you need to prepare this artificial file
before running ipa-server-install...
I think it would be better to address this consistently in the future with
configuration file instead of options, something like pkispawn uses.
Martin
More information about the Freeipa-devel
mailing list