URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: properly handle PKINIT-related options

abbra commented:
"""
This PR does not handle upgrade case which is what Local CA considers. We don't 
need other systems trust the certificate and we don't need to synchronize 
anything because KDC cert in upgrade case is issued automatically and is used 
by privilege separation code on the same machine.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/526#issuecomment-283335425
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to