On Tue, 2009-10-20 at 12:02 -0400, Rob Crittenden wrote:
> First pass at enforcing certificates be requested from same host
> We want to only allow a machine to request a certificate for itself, not
> for other machines. I've added a new taskgroup which will allow this.
> The requesting IP is resolved and compared to the subject of the CSR to
> determine if they are the same host. The same is done with the service
> principal. Subject alt names are not queried yet.
> This does not yet grant machines actual permission to request
> certificates yet, that is still limited to the taskgroup request_certs.
> This also fixes some minor typos I discovered.
ack. pushed to master.
Freeipa-devel mailing list
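
The same-host check described in the quoted message, sketched as an added example. It is not the code from the FreeIPA patch: the function names, the simplified comma-separated subject string and the sample address and host names are assumptions made for illustration.

```python
import socket

def normalize_host(name):
    """Lower-case a DNS name and drop the trailing root dot before comparing."""
    return name.strip().rstrip(".").lower()

def subject_cn(subject):
    """Return the CN of a simplified subject string such as 'CN=host,O=REALM'."""
    for rdn in subject.split(","):
        key, _, value = rdn.partition("=")
        if key.strip().upper() == "CN":
            return value.strip()
    raise ValueError("subject has no CN")

def principal_host(principal):
    """Return the host part of a service principal 'service/host@REALM'."""
    service, sep, host = principal.split("@", 1)[0].partition("/")
    if not sep or not service or not host:
        raise ValueError("not a service principal: %r" % principal)
    return host

def reverse_names(ip, resolver=socket.gethostbyaddr):
    """Resolve the requesting IP to the set of names it maps to (empty on failure)."""
    try:
        primary, aliases, _ = resolver(ip)
    except OSError:  # socket.herror and socket.gaierror are OSError subclasses
        return set()
    return {normalize_host(n) for n in [primary] + list(aliases)}

def is_same_host_request(ip, subject, principal, resolver=socket.gethostbyaddr):
    """True only if the CSR subject and the service principal both name the requester."""
    names = reverse_names(ip, resolver)
    if not names:
        return False  # fail closed: an unresolvable requester is never "the same host"
    try:
        cn, host = subject_cn(subject), principal_host(principal)
    except ValueError:
        return False
    return normalize_host(cn) in names and normalize_host(host) in names

def constructed_resolver(ip):
    """Offline stand-in for reverse DNS; the table below is constructed sample data."""
    table = {"192.0.2.10": ("web1.example.com.", [], ["192.0.2.10"])}
    if ip not in table:
        raise socket.herror(1, "Unknown host")
    return table[ip]
```

As in the message above, subject alternative names are not examined here, so this comparison says nothing about any additional names a CSR carries.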