Jan Cholasta wrote:
On 7.12.2011 17:28, Jan Cholasta wrote:
[PATCH] 65 Configure ssh and sshd during ipa-client-install.

For ssh, VerifyHostKeyDNS option is enabled.

For sshd, KerberosAuthentication, GSSAPIAuthentication and UsePAM
options are enabled (this can be disabled using --no-sshd
ipa-client-install option).


Changed this not to implicitly trust DNS, as discussed on yesterday's
meeting. You can make SSH trust DNS explicitly using --ssh-trust-dns
ipa-client-install option.

Honza


Traceback if ipaserver package is not installed.

# ipa-client-install
[snip]
Created /etc/ipa/default.conf
ipa : ERROR cannot import plugins sub-package ipaserver.install.plugins.plugins: No module named ipaserver.install.plugins
Traceback (most recent call last):
  File "/usr/sbin/ipa-client-install", line 1474, in <module>
    sys.exit(main())
  File "/usr/sbin/ipa-client-install", line 1461, in main
    rval = install(options, env, fstore, statestore)
  File "/usr/sbin/ipa-client-install", line 1277, in install
    api.finalize()
  File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 656, in finalize
    self.__do_if_not_done('load_plugins')
  File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 452, in __do_if_not_done
    getattr(self, name)()
  File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 599, in load_plugins
    self.import_plugins('ipaserver/install/plugins')
  File "/usr/lib/python2.7/site-packages/ipalib/plugable.py", line 625, in import_plugins
    raise e
ImportError: No module named ipaserver.install.plugins

You need to use a context other than 'installer'. I used 'cli_installer' to proceed.

Is this what I should expect when logging into an enrolled client:

$ slogin -v doberman.example.com
[ snip ]
debug1: matching host key fingerprint found in DNS
The authenticity of host 'doberman.example.com. (192.168.186.9)' can't be established.
RSA key fingerprint is 99:4a:4e:7f:4e:79:56:f6:00:4a:db:67:63:24:77:79.
Matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)?

That part seems to be working, I guess I didn't expect to be asked.

When I tested without DNS it said something about key not found in DNS as I would expect.

I'm unable to add another pub key:
$ ipa user-mod --addattr ipasshpubkey=<BIGKEY>== tuser1
ipa: ERROR: invalid 'ipasshpubkey': must be binary data

$ ipa user-mod --sshpubkey=<BIGKEY>== tuser1
[SUCCESS]

I wonder if normalize_ssh_pubkeys should not be validate_ssh_pubkeys(). It isn't really converting them to some common format, just confirming that they are valid keys, right?

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
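Added example, not code from the patch or from FreeIPA: a small Python check of the two things the thread touches, the structural validation an ipasshpubkey value needs before it is accepted (the "must be binary data" rejection above), and the SSHFP records that a client with VerifyHostKeyDNS compares against the host key it receives. The sample key, the hostname and all function names are constructed for this example.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers (RFC 4255, 6594, 7479); any ecdsa-sha2-nistp* key is 3.
SSHFP_ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}

def _read_string(blob, offset):
    # One SSH wire-format string: 4-byte big-endian length, then that many bytes.
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    end = offset + 4 + struct.unpack(">I", blob[offset:offset + 4])[0]
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end

def validate_ssh_pubkey(line):
    # Return (keytype, raw_blob, comment) or raise ValueError: real base64, embedded
    # type string equal to the prefix, body made only of complete length-prefixed fields.
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    keytype, comment = parts[0], (parts[2] if len(parts) == 3 else "")
    blob = base64.b64decode(parts[1], validate=True)  # binascii.Error is a ValueError
    embedded, offset = _read_string(blob, 0)
    if embedded != keytype.encode():
        raise ValueError("key type prefix does not match the encoded key")
    while offset < len(blob):
        _, offset = _read_string(blob, offset)
    return keytype, blob, comment

def is_valid_ssh_pubkey(line):
    try:
        validate_ssh_pubkey(line)
        return True
    except ValueError:
        return False

def sshfp_records(line, hostname="host.example.com."):
    # SSHFP RDATA: algorithm, fingerprint type (1 = SHA-1, 2 = SHA-256), hex hash of the raw blob.
    keytype, blob, _ = validate_ssh_pubkey(line)
    alg = 3 if keytype.startswith("ecdsa-sha2-nistp") else SSHFP_ALGORITHMS[keytype]
    return ["%s IN SSHFP %d 1 %s" % (hostname, alg, hashlib.sha1(blob).hexdigest()),
            "%s IN SSHFP %d 2 %s" % (hostname, alg, hashlib.sha256(blob).hexdigest())]

def _ssh_string(data):
    return struct.pack(">I", len(data)) + data

# Constructed sample: structurally valid ssh-rsa blob with a made-up modulus (not a real key).
_SAMPLE_BLOB = _ssh_string(b"ssh-rsa") + _ssh_string(b"\x01\x00\x01") + _ssh_string(b"\x6f" + b"\x42" * 31)
SAMPLE_KEY = "ssh-rsa %s tuser1@example.com" % base64.b64encode(_SAMPLE_BLOB).decode()
```

The fingerprint in an SSHFP record is a hash of the base64-decoded key blob, not of the text line, which is why the prefix/blob consistency check matters before anything is published.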
