On pe, 13 maalis 2020, Leonid Kanter via FreeIPA-users wrote:
You lose nothing with --no-pkinit because you add certificate authority and enable pkinit later. But seems it's a relatively new option, we installed our prod instance back in 2016 and it didn't ask for --no-pkinit at all. I found it yesterday. Our main instance is running with pkinit disabled and it do all we want for us. I started to play with pkinit just yesterday.
It was added in FreeIPA 4.5. https://www.freeipa.org/page/V4/Kerberos_PKINIT 'Configuration' and 'Upgrade' sections explain various configurations. -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
