Re: [Freeipa-devel] [PATCH] 197 Track DS certificate with certmonger on replicas

2013-10-29 Thread Petr Viktorin 

On 10/17/2013 03:27 PM, Jan Cholasta wrote:

Hi,

the attached patch fixes .

Honza



Thanks! Works for me, ACK, pushed to
master: e98abdca9b4cf772e93176b42e17ec5fb5736ea4
ipa-3-3: 074816faf36650dbfa5aa8a22a3896a31b64dbf1



--
PetrĀ³

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 197 Track DS certificate with certmonger on replicas

2013-10-17 Thread Jan Cholasta 

On 17.10.2013 15:40, Rob Crittenden wrote:

Jan Cholasta wrote:

Hi,

the attached patch fixes .


Just thinking out loud here, haven't tried it...

What about creating a replica on a non-CA host, I think it wouldn't be
tracked.


AFAIU cacert.p12 is always put in the replica info file, it does not 
matter whether ipa-replica-prepare is run on a CA host or not (see 
ReplicaPrepare.copy_ds_certificate: 
).




Can you use the value or existence of api.env.ra_plugin instead?

rob



--
Jan Cholasta

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Re: [Freeipa-devel] [PATCH] 197 Track DS certificate with certmonger on replicas

2013-10-17 Thread Rob Crittenden 

Jan Cholasta wrote:

Hi,

the attached patch fixes .


Just thinking out loud here, haven't tried it...

What about creating a replica on a non-CA host, I think it wouldn't be 
tracked.


Can you use the value or existence of api.env.ra_plugin instead?

rob

___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel