[Freeipa-devel] [freeipa PR#640][comment] Remove pkinit options from master/replica on DL0
abbra
freeipa-github-notification at redhat.com
Fri Mar 24 14:39:59 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0
abbra commented:
"""
Good question. I think we should remove all mentioning of PKINIT options for DL0 and explicitly configure local CA there. On DL1 we already require to provide pkinit cert for CA-less setup. However, there we should treat --no-pkinit as use of local CA (certmonger's one).
"""
See the full comment at https://github.com/freeipa/freeipa/pull/640#issuecomment-289041029
More information about the Freeipa-devel
mailing list