[Freeipa-devel] [PATCHES] 59-65 SSH public key management
Alexander Bokovoy
abokovoy at redhat.com
Thu Dec 8 08:09:22 UTC 2011
On Thu, 08 Dec 2011, Jan Cholasta wrote:
> On 7.12.2011 17:28, Jan Cholasta wrote:
> >[PATCH] 65 Configure ssh and sshd during ipa-client-install.
> >
> >For ssh, VerifyHostKeyDNS option is enabled.
> >
> >For sshd, KerberosAuthentication, GSSAPIAuthentication and UsePAM
> >options are enabled (this can be disabled using --no-sshd
> >ipa-client-install option).
> >
>
> Changed this not to implicitly trust DNS, as discussed at
> yesterday's meeting. You can make SSH trust DNS explicitly using
> the --ssh-trust-dns ipa-client-install option.
Looks fine but I have one suggestion. Could you please abstract out
paths to /etc/ssh and split its use into two stages: discovery and
actual manipulation? The reason for that is the fact that many
distributions have sshd installed with configs in either /etc/ssh or
/etc/openssh, and from the beginning it would be nice to account for
that and avoid patching it later. This is especially important for the
ipa-client-install.
--
/ Alexander Bokovoy
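
The two-stage split suggested in the message above, as an added example in Python (not code from the patch or from FreeIPA): discovery picks whichever of /etc/ssh or /etc/openssh holds sshd_config, and manipulation sets the three sshd options named in the patch description. The function names, the `root` parameter and the candidate search order are assumptions made for illustration.

```python
import os
import tempfile

# Directories named in the message; the search order is an assumption.
CANDIDATE_DIRS = ("/etc/ssh", "/etc/openssh")
# sshd options listed in the patch 65 description.
SSHD_OPTIONS = {"KerberosAuthentication": "yes",
                "GSSAPIAuthentication": "yes", "UsePAM": "yes"}


def _keyword(line):
    """Lower-cased keyword of a config line ('Key value' or 'Key=value')."""
    parts = line.replace("=", " ", 1).split()
    return parts[0].lower() if parts else ""


def discover_ssh_dir(root="/", candidates=CANDIDATE_DIRS):
    """Stage 1 (discovery): first candidate directory that holds sshd_config."""
    for cand in candidates:
        path = os.path.join(root, cand.lstrip("/"))
        if os.path.isfile(os.path.join(path, "sshd_config")):
            return path
    return None


def set_options(config_path, options):
    """Stage 2 (manipulation): set global keywords, leaving Match blocks alone."""
    wanted = {k.lower() for k in options}
    with open(config_path) as f:
        lines = f.read().splitlines()
    # sshd keeps the first value it sees for a keyword, and everything after a
    # Match line is conditional, so new settings go in before the first Match.
    split = next((i for i, l in enumerate(lines) if _keyword(l) == "match"),
                 len(lines))
    head = [l for l in lines[:split] if _keyword(l) not in wanted]
    new = ["%s %s" % (k, v) for k, v in options.items()]
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(config_path))
    with os.fdopen(fd, "w") as f:
        f.write("\n".join(head + new + lines[split:]) + "\n")
    os.chmod(tmp, os.stat(config_path).st_mode & 0o777)
    os.replace(tmp, config_path)  # atomic swap: sshd never reads a partial file


def configure_sshd(root="/"):
    """Run both stages; returns the directory used, or None if sshd is absent."""
    ssh_dir = discover_ssh_dir(root)
    if ssh_dir is not None:
        set_options(os.path.join(ssh_dir, "sshd_config"), SSHD_OPTIONS)
    return ssh_dir
```

Settings inside existing Match blocks are left untouched, so a per-user override there still needs manual review.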