Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1492883
Description of problem: SSSD can only reference a remote CRL file, which requires additional network resources and infrastructure to manage. With the advent of tools like Ansible and Puppet, customers would like to be able to distribute the CRL file to each machine and reference it locally, so that no server resource needs to be kept up to date beyond what is already being maintained actively.
Metadata Update from @jhrozek: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1492883
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.0
Metadata Update from @jhrozek: - Issue priority set to: minor
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.1 (was: SSSD 2.0)
@sbose is this still valid since you added the crl_file option?
crl_file
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.2 (was: SSSD 2.1)
Hi @jhrozek , please keep this ticket open. The crl_file option currently only works for the OpenSSL build. I'd like to explore what might be possible with NSS as well besides using crlutil command manually.
Metadata Update from @sbose: - Issue assigned to sbose
Metadata Update from @jhrozek: - Issue set to the milestone: SSSD 2.3 (was: SSSD 2.2)
After some investigations I think using crlutil is still the best option for the NSS build of SSSD. I close this ticket.
crlutil
Metadata Update from @sbose: - Issue close_status updated to: Fixed - Issue status updated to: Closed (was: Open)
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/4697
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.