On 01/17/2013 12:54 PM, Rob Crittenden wrote:
Orion Poplawski wrote:


It seems like a most of the problems would be alleviated if instead of
wiping out the old NSS dbs, it simply added the new certs.  I don't know
if there are any other security implications of this or not.

Yes, that is probably true. I think the reasoning was we didn't know what was
in the database already so starting over seemed safer.


Filed https://fedorahosted.org/freeipa/ticket/3363


--
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       or...@nwra.com
Boulder, CO 80301                   http://www.nwra.com

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to