Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Paswordless PKI mode (with CRL for revocation) #3832
I've tried pki setup with lxd server and lxc clients - works perfect. But i was little bit dissapointed because there still need to be "paired" or "trusted" clients and servers with password. With your own CA the advantage of it is only you shouldn't check fingerprints of certificates.
Don't know if i am clear in my idea - I'd like to have trusted everything without password, based only on validity of certificates issued by my own CA. Before i started with pki in lxd i imagined that this should supposed to work like that.
(i know, i can add fingerprints/certificates before trusting, with lxc config trust)