mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 07:33:27 -06:00
Allow PKINIT to be enabled when updating from a pre-PKINIT IPA CA server
When upgrading from a server with IPA CA before PKINIT was introduced (4.5), PKINIT would not be enabled and there wasn't any way to enable it since upgrade code only issues self-signed certificates when certificates are missing. With these change there is a way to enable PKINIT when coming from a IPA server with a pre-PKINIT version (4.4 and before). Fixes: https://pagure.io/freeipa/issue/8532 Signed-off-by: Antonio Torres <antorres@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
parent
0faddc9180
commit
50306cc636
@ -78,6 +78,8 @@ class PKINITManage(AdminTool):
|
||||
krb.enable_ssl()
|
||||
|
||||
if setup_pkinit:
|
||||
if not is_pkinit_enabled():
|
||||
krb.setup_pkinit()
|
||||
krb.pkinit_enable()
|
||||
else:
|
||||
krb.pkinit_disable()
|
||||
|
Loading…
Reference in New Issue
Block a user