On 5/28/2015 12:46 AM, Jan Cholasta wrote:
On a related note, since KRA is optional, can we move the vaults
container to cn=kra,cn=vaults? This is the convetion used by the other
optional components (DNS and recently CA).


I mean cn=vaults,cn=kra of course.

If you are talking about the o=kra,<PKI suffix>, I'm not sure whether the IPA framework will work with it.

If you are talking about adding a new cn=kra,<IPA suffix> entry on top of cn=vaults, what is the purpose of this entry? Is the entry going to be created/deleted automatically when the KRA is installed/removed? Is it going to be used for something else other than vaults?

There are a lot of questions that need to be answered before we can make this change. We probably should revisit this issue after the core vault functionality is added.

--
Endi S. Dewata

--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to