URL: https://github.com/freeipa/freeipa/pull/823
Title: #823: ipa-kdb: reload certificate mapping rules periodically

sumit-bose commented:
"""
@dkupka, did you modify the rules so that PKINIT should fail or how did you 
test. I tried to reproduce but according to the logs the rules are reloaded 
ever 5 minutes:

    [root@ipa-devel-f25 tmp]# grep nitializ /var/log/krb5kdc.log
    Jun 01 14:37:07 ipa-devel-f25.ipaf25.devel krb5kdc[20471](info): 
Initializing IPA certauth plugin.
    Jun 01 14:37:07 ipa-devel-f25.ipaf25.devel krb5kdc[20471](info): 
sss_certmap initialized.
    Jun 01 14:42:20 ipa-devel-f25.ipaf25.devel krb5kdc[20471](info): 
Initializing IPA certauth plugin.
    Jun 01 14:42:20 ipa-devel-f25.ipaf25.devel krb5kdc[20471](info): 
sss_certmap initialized.
    Jun 01 14:47:29 ipa-devel-f25.ipaf25.devel krb5kdc[20471](info): 
Initializing IPA certauth plugin.
    Jun 01 14:47:29 ipa-devel-f25.ipaf25.devel krb5kdc[20471](info): 
sss_certmap initialized.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/823#issuecomment-305483776
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org

Reply via email to