[Freeipa-devel] [freeipa PR#694][comment] RFC: implement local PKINIT deployment in server/replica install

Fri, 28 Apr 2017 01:41:52 -0700 

  URL: https://github.com/freeipa/freeipa/pull/694
Title: #694: RFC: implement local PKINIT deployment in server/replica install

HonzaCholasta commented:
"""
master:

* b1a1e104391c84cb9af7b0a7c8748c8652442ddb separate function to set 
ipaConfigString values on service entry
* fb52f7a1f328b126626525179d5250692daca2cd Allow for configuration of all three 
PKINIT variants when deploying KDC
* 86972299d937960bcb713fc73b447cddb4ea44bd API for retrieval of master's PKINIT 
status and publishing it in LDAP
* 3adb9ca875f8eb99e99a29e17a471a2b6f408a4a Use only anonymous PKINIT to fetch 
armor ccache
* 68c6a4d4e1340ce01bdc7ec5dd394604a3da7688 Stop requesting anonymous keytab and 
purge all references of it
* 2374b648d0dfd08ec4cfbcc35f7987fa8b8a6ffa Use local anchor when armoring 
password requests
* a194055c92c7ca4eba29323f990ec3b92026221b Upgrade: configure local/full PKINIT 
depending on the master status
* 960e361f68a3d7acd9bcf16ec6fe8f6d5376c4ae Do not test anonymous PKINIT after 
install/upgrade


ipa-4-5:

* 31a24436592304db6e84270e4a95df34d1e0af46 separate function to set 
ipaConfigString values on service entry
* b49e075c90a7ab43e82f422aa11dc7540e2fb2c0 Allow for configuration of all three 
PKINIT variants when deploying KDC
* a0e2a09292ffa2adbf97c2e7e4facc9693dbc311 API for retrieval of master's PKINIT 
status and publishing it in LDAP
* fca378c9a65f582ac3dcda4b6201e8847ed9e512 Use only anonymous PKINIT to fetch 
armor ccache
* 9fcc794dac6ffb1f1cc6c92a588ea0911be5ba14 Stop requesting anonymous keytab and 
purge all references of it
* 5031929b6d710336f6308d7f46779c9e8e98103a Use local anchor when armoring 
password requests
* 2452e6e5f3a7e7a25eadf5243a28da75a47f9d2c Upgrade: configure local/full PKINIT 
depending on the master status
* d497c4589cc7506ef9a88b691b8b1d97ad1f1009 Do not test anonymous PKINIT after 
install/upgrade


"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/694#issuecomment-297941980

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to