On 5/28/2015 12:46 AM, Jan Cholasta wrote:
On a related note, since KRA is optional, can we move the vaults
container to cn=kra,cn=vaults? This is the convetion used by the other
optional components (DNS and recently CA).
I mean cn=vaults,cn=kra of course.
If you are talking about the o=kra,<PKI suffix>, I'm not sure whether
the IPA framework will work with it.
If you are talking about adding a new cn=kra,<IPA suffix> entry on top
of cn=vaults, what is the purpose of this entry? Is the entry going to
be created/deleted automatically when the KRA is installed/removed? Is
it going to be used for something else other than vaults?
There are a lot of questions that need to be answered before we can make
this change. We probably should revisit this issue after the core vault
functionality is added.
Endi S. Dewata
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code