Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1031116
Description of problem: When (root of CA chain that signed) IdM certificate is neither known to the system nor specified by CA by --ca-cert-file CLI option, the CA cert details should be printed to the console and user should be required to confirm them, otherwise the domain join should be stopped in order to prevent MITM attacks. Version-Release number of selected component (if applicable): ipa-client-3.3.3-3.el7.x86_64 How reproducible: always Steps to Reproduce: 1. run ipa-client-install on machine that does not recognize FreeIPA certificate as trusted 2. 3. Actual results: no warning is printed, ipa-client-install continues with system installation Expected results: user must specify or confirm trustworthiness of CA certificate that is not already trusted Additional info:
Metadata Update from @mkosek: - Issue assigned to someone - Issue set to the milestone: Future Releases
Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.