On Thu, 08 Dec 2011, Jan Cholasta wrote:
> Dne 7.12.2011 17:28, Jan Cholasta napsal(a):
> >[PATCH] 65 Configure ssh and sshd during ipa-client-install.
> >
> >For ssh, VerifyHostKeyDNS option is enabled.
> >
> >For sshd, KerberosAuthentication, GSSAPIAuthentication and UsePAM
> >options are enabled (this can be disabled using --no-sshd
> >ipa-client-install option).
> >
> Changed this not to implicitly trust DNS, as discussed on
> yesterday's meeting. You can make SSH trust DNS explicitly using
> --ssh-trust-dns ipa-client-install option.
Looks fine but I have one suggestion. Could you please abstract out 
paths to /etc/ssh and split its use into two stages: discovery and 
actual manipulation? The reason for that is the fact that many 
distributions have sshd installed with configs in either /etc/ssh or 
/etc/openssh, and from the beginning it would be nice to account for 
that and avoid patching it later. This is especially important for the 

/ Alexander Bokovoy

Freeipa-devel mailing list

Reply via email to