URL: https://github.com/freeipa/freeipa/pull/62 Title: #62: Configure Anonymous PKINIT on server install
abbra commented: """ > As a side question is the separate profile needed due to some custom > extensions required for PKINIT certificate? yes, we don't want to allow everyone to issue certificates with PKINIT extensions, they only should be done for KDC cert. """ See the full comment at https://github.com/freeipa/freeipa/pull/62#issuecomment-248571527
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code