URL: https://github.com/freeipa/freeipa/pull/62
Title: #62: Configure Anonymous PKINIT on server install

abbra commented:
> As a side question is the separate profile needed due to some custom 
> extensions required for PKINIT certificate?
yes, we don't want to allow everyone to issue certificates with PKINIT 
extensions, they only should be done for KDC cert.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to