On Thu, 08 Dec 2011, Jan Cholasta wrote: > Dne 7.12.2011 17:28, Jan Cholasta napsal(a): > >[PATCH] 65 Configure ssh and sshd during ipa-client-install. > > > >For ssh, VerifyHostKeyDNS option is enabled. > > > >For sshd, KerberosAuthentication, GSSAPIAuthentication and UsePAM > >options are enabled (this can be disabled using --no-sshd > >ipa-client-install option). > > > > Changed this not to implicitly trust DNS, as discussed on > yesterday's meeting. You can make SSH trust DNS explicitly using > --ssh-trust-dns ipa-client-install option. Looks fine but I have one suggestion. Could you please abstract out paths to /etc/ssh and split its use into two stages: discovery and actual manipulation? The reason for that is the fact that many distributions have sshd installed with configs in either /etc/ssh or /etc/openssh, and from the beginning it would be nice to account for that and avoid patching it later. This is especially important for the ipa-client-install.
-- / Alexander Bokovoy _______________________________________________ Freeipa-devel mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-devel