URL: https://github.com/freeipa/freeipa/pull/694 Author: martbab Title: #694: RFC: implement local PKINIT deployment in server/replica install Action: edited
Changed field: body Original value: """ This PR implements a basic local PKINIT functionality for server install with '--no-pkinit' specified, and replica install against older masters or with '--no-pkinit'. These patches unblock WebUI logins/password auths on masters/replicas in the cases proper PKINIT was not configured for whatever reasons. Nevertheless, there are following things lacking in this PR that I will either push on top of this one or create a new PR: - [ ] removal of anonymous keytab, asi it is now useless (and always was) - [ ] upgrade and transitions between PKINIT configurations - [ ] reporting PKINIT state in LDAP - [ ] API for querying the PKINIT status on all masters http://www.freeipa.org/page/V4/Kerberos_PKINIT """
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
