URL: https://github.com/freeipa/freeipa/pull/640
Title: #640: Remove pkinit options from master/replica on DL0

abbra commented:
"""
Good question. I think we should remove all mentioning of PKINIT options for 
DL0 and explicitly configure local CA there. On DL1 we already require to 
provide pkinit cert for CA-less setup. However, there we should treat 
--no-pkinit as use of local CA (certmonger's one).
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/640#issuecomment-289041029
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to