If an admin of a PKINIT-less deployment wishes to configure PKINIT e.g. by issuing KDC certificates from IPA CA, he currently has no other option than to run upgrader. We should be able to easily extract this functionality to a separate CLI command which can be called per master and replace self-signed KDC keypair by a IPA CA issued KDC cert.
Metadata Update from @pvoborni: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1455946
Issue linked to bug 1455946
Metadata Update from @mbabinsk: - Issue priority set to: critical - Issue set to the milestone: FreeIPA 4.5.2
ipa-4-5:
master:
Metadata Update from @mbabinsk: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.