On Tue, Aug 04, 2015 at 05:39:01PM +0200, Martin Babinsky wrote:
> 
> I am working on the update of
> http://www.freeipa.org/page/V4/User_Certificates design page.
> 
> For now I have edited the "Feature Management" and "Howto Test" sections.
> 
> Since this is my first time writing/editing designs, there surely is a room
> for improvement. Feel free to send me corrections or edit the parts you
> don't like outright.

The caIPAuserCert.txt file (content) is missing.

Not sure if we want to recommend

        sed '1d;$d' cert.pem

-- maybe command to convert to DER and then base64-encode would
be more generic?

That

        add ldap_user_certificate = userCertificate;binary to the domain 
section of sssd.conf

step -- will it stay or is sssd going to be updated to use that value
automagically? In that case, link to the ticket we are waiting for
(https://fedorahosted.org/sssd/ticket/2742 ?) should be added so
that it's clear that this step should be removed when the ticket
is addressed.

Otherwise, great effort with the How to Test section.

-- 
Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to