On 5/28/2015 12:46 AM, Jan Cholasta wrote:
On a related note, since KRA is optional, can we move the vaults
container to cn=kra,cn=vaults? This is the convetion used by the other
optional components (DNS and recently CA).

I mean cn=vaults,cn=kra of course.

If you are talking about the o=kra,<PKI suffix>, I'm not sure whether the IPA framework will work with it.

If you are talking about adding a new cn=kra,<IPA suffix> entry on top of cn=vaults, what is the purpose of this entry? Is the entry going to be created/deleted automatically when the KRA is installed/removed? Is it going to be used for something else other than vaults?

There are a lot of questions that need to be answered before we can make this change. We probably should revisit this issue after the core vault functionality is added.

Endi S. Dewata

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to