URL: https://github.com/freeipa/freeipa/pull/526 Title: #526: server install: properly handle PKINIT-related options
abbra commented: """ This PR does not handle upgrade case which is what Local CA considers. We don't need other systems trust the certificate and we don't need to synchronize anything because KDC cert in upgrade case is issued automatically and is used by privilege separation code on the same machine. """ See the full comment at https://github.com/freeipa/freeipa/pull/526#issuecomment-283335425
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
