Title: #666: Fix anonymous principal handling in replica install
I actually did the review of https://github.com/freeipa/freeipa/pull/631
I do not think the order of adding the anonymous principal and setting up
PKINIT matters that much. From what I saw in Kerberos guides, it's usually
actually done after PKINIT setup since until then, the anonymous principal is
pretty much unusable.
The problem was rather the testing of anonymous pkinit before the anonymous
principal was added, that is just plainly weird and I'm glad that that's now
ACK since this fixes the issues mentioned in comments.
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code