URL: https://github.com/freeipa/freeipa/pull/758
Title: #758: install: fix CA-less PKINIT

HonzaCholasta commented:
"""
@stlaz, this seems to be a bug in kinit. When you have a certificate chain root 
CA -> intermediate CA -> KDC and want to trust the intermediate CA, but not the 
root CA, the validation will always fail. This is the case in an external CA setup 
(the external CA is the root CA, IPA CA is the intermediate CA), but I haven't 
confirmed it without IPA yet.

Without this patchset, both the CA certificates are trusted, which is a bug, 
but makes kinit work.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/758#issuecomment-301680152