URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: do not attempt to issue PKINIT cert in CA-less

HonzaCholasta commented:
Updated the PR to also handle CA-less server upgrade.

@abbra, I'm not opposed to the idea of using the local CA to issue the KDC 
cert, but if we agree to use it, we should use it in both CA-less and CA-ful - 
if the CA does not need to be trusted as you say, using the IPA CA in CA-ful is 
meaningless and only adds unnecesary complexity.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to