URL: https://github.com/freeipa/freeipa/pull/694
Title: #694: RFC: implement local PKINIT deployment in server/replica install

martbab commented:
We can query that PKINIT was not configured at all by a) checking the presence 
of KDC keypair, b) checking the sysupgrade (no presence of pkinit flag implies 
no configuration is present), and c) querying LDAP (no presence of 
ipaConfigString) so we have multiple redundant ways to determine that PKINIT is 
not configured at all.

As for the removal of pkinit status, I intend to replace the existing command 
by `ipa pkinit-status` as a follow-up PR once this one is merged.

I will then update the design page to reflect this discussion and update the 
implementation in this PR.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to