On Mon, Dec 12, 2016 at 02:04:37PM +0100, Jan Cholasta wrote: > On 12.12.2016 13:49, Fraser Tweedale wrote: > > (This is a tangential discussion, but...) > > > > On Mon, Dec 12, 2016 at 09:52:02AM +0100, Jan Cholasta wrote: > > > IMO profile ID should default to caIPAserviceCert on the client as well. > > > > > NACK. Default profile (although fixed at the present time) should > > be considered server-side policy. If we eventually make it > > configurable, we don't want older clients overriding it. > > I didn't mean the default value should be overriden on the clients, just > that profile ID should stay optional on the client and use the default > profile ID when unspecified. > OK, thanks for clarifying.
> > > > Thanks, > > Fraser > > > > > -- > Jan Cholasta -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code