URL: https://github.com/freeipa/freeipa/pull/694
Title: #694: RFC: implement local PKINIT deployment in server/replica install

martbab commented:
I have re-worked the PR and implemented most of the missing steps (except for 
API for querying PKINIT status in topology). I have also removed the 
PKINIT-specific CA and helper. The installer will now call either `IPA` or 
self-sign CA depending on configuration and passed-in options. The PKINIT state 
recording was also changed to depend on the KDC certificate tracking status and 
CA that tracks it.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to