mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 16:10:02 -06:00
11b8a34346
Set `pkinit_anchors` in `krb5.conf` to a CA certificate bundle of CAs trusted to issue KDC certificates rather than `/etc/ipa/ca.crt`. Set `pkinit_pool` in `krb5.conf` to a CA certificate bundle of all CAs known to IPA. Make sure both bundles are exported in all installation code paths. https://pagure.io/freeipa/issue/6831 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Martin Babinsky <mbabinsk@redhat.com> |
||
---|---|---|
.. | ||
__init__.py | ||
constants.py | ||
paths.py | ||
services.py | ||
tasks.py |