On Fri, 05 Nov 2010 15:20:27 -0400
Rob Crittenden <rcrit...@redhat.com> wrote:

> When a host is deleted we revoke its certificate, if any.
> When a host keytab is disabled we disable all the keytabs and revoke
> the certificates of its services.
> I've also tried to make it more universal to display certificate
> details when viewing a record with a certificate in it.
> rob

a. needs rebase (I did a rebase on my own, hopefully the next point was
not because of that)

b. after some fiddling and testing ipa host-disable seem to return a
bogus error of: ipa: ERROR: no modifications to be performed
and if tried again: ipa: ERROR: This entry is already disabled

Possibly the first error was returned because the service I took a cert
for (to test the cert was removed on disabling, which it was) didn;t
have a keytab associated.

So NACK on this error, but the general approach looks good.


Simo Sorce * Red Hat, Inc * New York

Freeipa-devel mailing list

Reply via email to