On Wed, Oct 10, 2012 at 06:05:02PM +0300, Alexander Bokovoy wrote:
> this patch originated from off-list discussion regarding multiple runs
> of ipa trust-add against the same domain.
> Since trust-add re-establishes the trust every time it is run and all
> the other information fetched from the remote domain controller stays
> the same, it can be run multiple times. The only change would occur is
> update of trust relationship credentials -- they are supposed to be
> updated periodically by underlying infrastructure anyway.
> So the patch adds some clarity to the help and changes summary message
> when trust was re-established instead of created.
> / Alexander Bokovoy
Btw, another useful feature of allowing to run trust-add multiple times
is to re-established the trust if it was deleted only on one side, AD or
IPA. Having a separate command for this would make no sense because it
would be basically be an alias to trust-add.
Freeipa-devel mailing list