Related to: https://fedorahosted.org/freeipa/ticket/6424
We may also want to allow external principals as operator, e.g. allow a group of users from trusted AD realm to issue certs to themselves or certain IPA users/hosts/services or external subjects.
Related discussion: https://gist.github.com/frasertweedale/6093f2312d16b3958374cc15b55b4d63
Metadata Update from @ftweedal:
- Issue assigned to ftweedal
- Issue set to the milestone: Future Releases
to comment on this ticket.