Discussion:
[Freeipa-devel] [freeipa PR#774][synchronized] Deprecate pkinit-anonymous command
stlaz
2017-05-23 08:16:40 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/774
Author: stlaz
Title: #774: Deprecate pkinit-anonymous command
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/774/head:pr774
git checkout pr774
abbra
2017-05-23 10:57:56 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/774
Title: #774: Deprecate pkinit-anonymous command

abbra commented:
"""
Just remove the command completely. FreeIPA prior to 4.5 never supported PKINIT operations and never allowed using anonymous PKINIT. Disabling/enabling it was left for admins that knew what they wanted. However, with FreeIPA 4.5 we require anonymous PKINIT to be enabled all time -- be it with a local self-signed cert or with some other certificate issued by a proper CA. An anonymous principal can only be used to create a FAST channel, nothing else.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/774#issuecomment-303363619
stlaz
2017-05-23 11:28:38 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/774
Title: #774: Deprecate pkinit-anonymous command

stlaz commented:
"""
Thanks, pruned the file a bit.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/774#issuecomment-303369646
stlaz
2017-05-23 11:28:47 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/774
Author: stlaz
Title: #774: Remove pkinit-anonymous command
Action: edited

Changed field: title
Original value:
"""
Deprecate pkinit-anonymous command
"""
stlaz
2017-05-23 11:28:02 UTC
Permalink
URL: https://github.com/freeipa/freeipa/pull/774
Author: stlaz
Title: #774: Deprecate pkinit-anonymous command
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/774/head:pr774
git checkout pr774

Loading...