Re: [Freeipa-devel] PKINIT Handling in mixed/CA-less topologies

2017-03-24 Thread Simo Sorce
On Fri, 2017-03-24 at 11:52 +0100, Martin Babinsky wrote: > On Fri, Mar 24, 2017 at 10:53:49AM +0200, Alexander Bokovoy wrote: > >On pe, 24 maalis 2017, Martin Babinsky wrote: > >> On Thu, Mar 23, 2017 at 04:46:20PM +0200, Alexander Bokovoy wrote: > >> > On to, 23 maalis 2017, Simo Sorce wrote: >

Re: [Freeipa-devel] PKINIT Handling in mixed/CA-less topologies

2017-03-24 Thread Martin Babinsky
On Fri, Mar 24, 2017 at 10:53:49AM +0200, Alexander Bokovoy wrote: >On pe, 24 maalis 2017, Martin Babinsky wrote: >> On Thu, Mar 23, 2017 at 04:46:20PM +0200, Alexander Bokovoy wrote: >> > On to, 23 maalis 2017, Simo Sorce wrote: >> > > On Thu, 2017-03-23 at 16:08 +0200, Alexander Bokovoy wrote:

Re: [Freeipa-devel] PKINIT Handling in mixed/CA-less topologies

2017-03-24 Thread Alexander Bokovoy
On pe, 24 maalis 2017, Martin Babinsky wrote: On Thu, Mar 23, 2017 at 04:46:20PM +0200, Alexander Bokovoy wrote: On to, 23 maalis 2017, Simo Sorce wrote: On Thu, 2017-03-23 at 16:08 +0200, Alexander Bokovoy wrote: > On to, 23 maalis 2017, Martin Babinsky wrote: > >Hi List, > > > >TL;DR we have

Re: [Freeipa-devel] PKINIT Handling in mixed/CA-less topologies

2017-03-24 Thread Martin Babinsky
On Thu, Mar 23, 2017 at 04:46:20PM +0200, Alexander Bokovoy wrote: >On to, 23 maalis 2017, Simo Sorce wrote: >> On Thu, 2017-03-23 at 16:08 +0200, Alexander Bokovoy wrote: >> > On to, 23 maalis 2017, Martin Babinsky wrote: >> > >Hi List, >> > > >> > >TL;DR we have to handle FAST channer

Re: [Freeipa-devel] PKINIT Handling in mixed/CA-less topologies

2017-03-23 Thread Alexander Bokovoy
On to, 23 maalis 2017, Simo Sorce wrote: On Thu, 2017-03-23 at 16:08 +0200, Alexander Bokovoy wrote: On to, 23 maalis 2017, Martin Babinsky wrote: >Hi List, > >TL;DR we have to handle FAST channer establishment when KDC is not issued >PKINIT keypair > >I have spent some time studying and

Re: [Freeipa-devel] PKINIT Handling in mixed/CA-less topologies

2017-03-23 Thread Simo Sorce
On Thu, 2017-03-23 at 16:08 +0200, Alexander Bokovoy wrote: > On to, 23 maalis 2017, Martin Babinsky wrote: > >Hi List, > > > >TL;DR we have to handle FAST channer establishment when KDC is not issued > >PKINIT keypair > > > >I have spent some time studying and fixing bugs/regressions caused by >

Re: [Freeipa-devel] PKINIT Handling in mixed/CA-less topologies

2017-03-23 Thread Alexander Bokovoy
On to, 23 maalis 2017, Martin Babinsky wrote: Hi List, TL;DR we have to handle FAST channer establishment when KDC is not issued PKINIT keypair I have spent some time studying and fixing bugs/regressions caused by incomplete consideration of PKINIT and anonymous principal setup regarding to

[Freeipa-devel] PKINIT Handling in mixed/CA-less topologies

2017-03-23 Thread Martin Babinsky
Hi List, TL;DR we have to handle FAST channer establishment when KDC is not issued PKINIT keypair I have spent some time studying and fixing bugs/regressions caused by incomplete consideration of PKINIT and anonymous principal setup regarding to * replicas standed up against old (3.0.0)