[Freeipa-devel] LDAP schema for DNSSEC keys
Jan Cholasta
jcholast at redhat.com
Tue Jun 24 06:43:02 UTC 2014
On 20.6.2014 20:23, Simo Sorce wrote:
> On Fri, 2014-06-20 at 20:04 +0200, Petr Spacek wrote:
>> ipk11Private;privatekey: TRUE
>> ipk11Private;publickey: FALSE
>
> can these two ever hold a different value ?
> ie a privatekey be FALSE and a publickey be TRUE ?
>
> If not I suggest you do not add this attribute at all and assume their
> value ?

+1, we can use default values for most, if not all of the boolean flag
attributes. Personally, I would try to avoid using ipk11 attributes
until the PKCS#11 module is designed/implemented.

> (btw I forgot what's the point of that attribute)

When it is true, a user may not access the object until the user has
been authenticated to the token (what the PKCS#11 spec says).

>
> Simo.
>
--
Jan Cholasta