[Freeipa-devel] [PATCH] 0189 Remove option to use custom SSL certificates from ipa-server-install
Martin Kosek
mkosek at redhat.com
Tue Mar 5 16:28:49 UTC 2013
On 03/05/2013 02:40 PM, Jan Cholasta wrote:
> On 5.3.2013 11:55, Petr Viktorin wrote:
>> On 03/05/2013 11:32 AM, Jan Cholasta wrote:
>>> Hi,
>>>
>>> On 26.2.2013 15:50, Petr Viktorin wrote:
>>>> This removes the --{dirsrv,http,pkinit}-{pkcs12,pin} options.
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/3151
>>>>
>>>>
>>>> The same options are in ipa-replica-prepare. I think we should leave
>>>> those be, so people with existing servers with custom certs can install
>>>> replicas.
>>>>
>>>
>>> Should we keep them visible, or should we make them hidden and remove
>>> them from documentation?
>>>
>>> Honza
>>>
>>
>> They have their own section in --help, with an explanation:
>>
>> SSL certificate options:
>> Only used if the server was installed using custom SSL certificates
>>
>> I think that's enough.
>>
>
> OK, makes sense.
>
> Please update ipa-server-install man page to reflect the changes.
>
> I think you can remove the pkcs12_info argument of
> {Ds,Krb}Instance.create_instance, as the only place where it was used is
> ipa-server-install.
>
> Honza
>
We had a discussion about this feature on a meeting today and we decided to not
retire this feature after all and fix it instead.
This decision retires patch 189 and https://fedorahosted.org/freeipa/ticket/3151.
Martin
More information about the Freeipa-devel
mailing list