mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
f769045f0a
Set `pkinit_pool` in `kdc.conf` to a CA certificate bundle of all CAs known to IPA. Make sure `cacert.pem` is exported in all installation code paths. Use the KDC certificate itself as a PKINIT anchor in `login_password`. https://pagure.io/freeipa/issue/6831 Reviewed-By: Stanislav Laznicka <slaznick@redhat.com> Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>