On 01/17/2013 12:54 PM, Rob Crittenden wrote:
Orion Poplawski wrote:
It seems like a most of the problems would be alleviated if instead of
wiping out the old NSS dbs, it simply added the new certs. I don't know
if there are any other security implications of this or not.
Yes, that is probably true. I think the reasoning was we didn't know what was
in the database already so starting over seemed safer.
Filed https://fedorahosted.org/freeipa/ticket/3363
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder Office FAX: 303-415-9702
3380 Mitchell Lane [email protected]
Boulder, CO 80301 http://www.nwra.com
_______________________________________________
Freeipa-users mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/freeipa-users
