URL: https://github.com/freeipa/freeipa/pull/666
Title: #666: Fix anonymous principal handling in replica install

stlaz commented:
I actually did the review of https://github.com/freeipa/freeipa/pull/631 
alongside this.
I do not think the order of adding the anonymous principal and setting up 
PKINIT matters that much. From what I saw in Kerberos guides, it's usually 
actually done after PKINIT setup since until then, the anonymous principal is 
pretty much unusable.
The problem was rather the testing of anonymous pkinit before the anonymous 
principal was added, that is just plainly weird and I'm glad that that's now 
ACK since this fixes the issues mentioned in comments.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to