freeipa/ipaplatform/base
Jan Cholasta 11b8a34346 client install: fix client PKINIT configuration
Set `pkinit_anchors` in `krb5.conf` to a CA certificate bundle of CAs
trusted to issue KDC certificates rather than `/etc/ipa/ca.crt`.

Set `pkinit_pool` in `krb5.conf` to a CA certificate bundle of all CAs
known to IPA.

Make sure both bundles are exported in all installation code paths.

https://pagure.io/freeipa/issue/6831

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2017-05-19 12:31:24 +02:00
..
__init__.py ipaplatform: Create separate module for platform files 2014-06-16 19:48:17 +02:00
constants.py Separate RA cert store from the HTTP cert store 2017-02-15 07:13:37 +01:00
paths.py client install: fix client PKINIT configuration 2017-05-19 12:31:24 +02:00
services.py restore: restart/reload gssproxy after restore 2017-04-28 14:56:02 +02:00
tasks.py Create system users for FreeIPA services during package installation 2017-04-11 17:51:49 +02:00