URL: https://github.com/freeipa/freeipa/pull/694 Title: #694: RFC: implement local PKINIT deployment in server/replica install
martbab commented: """ We can query that PKINIT was not configured at all by a) checking the presence of KDC keypair, b) checking the sysupgrade (no presence of pkinit flag implies no configuration is present), and c) querying LDAP (no presence of ipaConfigString) so we have multiple redundant ways to determine that PKINIT is not configured at all. As for the removal of pkinit status, I intend to replace the existing command by `ipa pkinit-status` as a follow-up PR once this one is merged. I will then update the design page to reflect this discussion and update the implementation in this PR. """ See the full comment at https://github.com/freeipa/freeipa/pull/694#issuecomment-295727092
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
