martbab
2017-04-05 15:27:44 UTC
URL: https://github.com/freeipa/freeipa/pull/694
Author: martbab
Title: #694: RFC: implement local PKINIT deployment in server/replica install
Action: edited
Changed field: body
Original value:
"""
This PR implements a basic local PKINIT functionality for server install with
'--no-pkinit' specified, and replica install against older masters or with
'--no-pkinit'.
These patches unblock WebUI logins/password auths on masters/replicas in the
cases proper PKINIT was not configured for whatever reasons.
Nevertheless, there are following things lacking in this PR that I will either
push on top of this one or create a new PR:
-[ ] removal of anonymous keytab, asi it is now useless (and always was)
-[ ] upgrade and transitions between PKINIT configurations
-[ ] reporting PKINIT state in LDAP
-[ ] API for querying the PKINIT status on all masters
http://www.freeipa.org/page/V4/Kerberos_PKINIT
"""
Author: martbab
Title: #694: RFC: implement local PKINIT deployment in server/replica install
Action: edited
Changed field: body
Original value:
"""
This PR implements a basic local PKINIT functionality for server install with
'--no-pkinit' specified, and replica install against older masters or with
'--no-pkinit'.
These patches unblock WebUI logins/password auths on masters/replicas in the
cases proper PKINIT was not configured for whatever reasons.
Nevertheless, there are following things lacking in this PR that I will either
push on top of this one or create a new PR:
-[ ] removal of anonymous keytab, asi it is now useless (and always was)
-[ ] upgrade and transitions between PKINIT configurations
-[ ] reporting PKINIT state in LDAP
-[ ] API for querying the PKINIT status on all masters
http://www.freeipa.org/page/V4/Kerberos_PKINIT
"""