URL: https://github.com/freeipa/freeipa/pull/694
Author: martbab
 Title: #694: RFC: implement local PKINIT deployment in server/replica install
Action: edited

 Changed field: body
Original value:
This PR implements a basic local PKINIT functionality for server install with
'--no-pkinit' specified, and replica install against older masters or with

These patches unblock WebUI logins/password auths on masters/replicas in the
cases proper PKINIT was not configured for whatever reasons.

Nevertheless, there are following things lacking in this PR that I will either
push on top of this one or create a new PR:

- [x] removal of anonymous keytab, asi it is now useless (and always was)
- [x] upgrade and transitions between PKINIT configurations
- [ ] reporting PKINIT state in LDAP
- [ ] API for querying the PKINIT status on all masters


Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to