[Freeipa-devel] [PATCH] 1109 No client machine cert
Rob Crittenden
rcritten at redhat.com
Thu Sep 4 15:13:27 UTC 2014
Jan Cholasta wrote:
> Hi,
>
> Dne 3.9.2014 v 21:23 Rob Crittenden napsal(a):
>> No longer request and install a cert for the IPA client machine.
>>
>> rob
>
> The original plan was to keep generating the certificate, but in
> /etc/ipa/nssdb instead of /etc/pki/nssdb (see the attached patch).
>
> I'm fine with either approach.
>
The cert has never been used and is now actively causing issues in
RHEL-7 with systemd and kickstart. It could be made optional, and move
the location, but IMHO its time has come.
rob
More information about the Freeipa-devel
mailing list