URL: https://github.com/freeipa/freeipa/pull/62
Title: #62: Configure Anonymous PKINIT on server install

abbra commented:
"""
> As a side question is the separate profile needed due to some custom 
> extensions required for PKINIT certificate?
yes, we don't want to allow everyone to issue certificates with PKINIT 
extensions, they only should be done for KDC cert.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/62#issuecomment-248571527
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to