On 01/17/2013 12:54 PM, Rob Crittenden wrote:
Orion Poplawski wrote:

It seems like a most of the problems would be alleviated if instead of
wiping out the old NSS dbs, it simply added the new certs.  I don't know
if there are any other security implications of this or not.

Yes, that is probably true. I think the reasoning was we didn't know what was
in the database already so starting over seemed safer.

Filed https://fedorahosted.org/freeipa/ticket/3363

Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       or...@nwra.com
Boulder, CO 80301                   http://www.nwra.com

Freeipa-users mailing list

Reply via email to