On Wed, 2012-02-29 at 10:52 +0100, Jan Cholasta wrote:
On 28.2.2012 23:42, Rob Crittenden wrote:
Jan Cholasta wrote:
Hi,
this patch configures the new SSH features of SSSD in
ipa-client-install.
To test it, you need to have SSSD 1.8.0 installed.
Honza
Is there a better name for 'GlobalKnownHostsFile2'?
What do you mean? The option name or the file name? Either way, I
don't
think there is a better name.
When is PubKeyAgent used?I tried in RHEL 6.2, F-11 and F15-17 and
it was
an unknown option in all.
It's in openssh in RHEL 6.0.
Should you test for the existence of
/usr/bin/sss_ssh_knownhostsproxy
and /usr/bin/sss_ssh_authorizedkeys before setting it in a config
file?
It depends. Do we want to support clients with SSSD< 1.8.0?
How would you recommend testing this? Enroll a client and try to
log
into the IPA server?
To test host authentication, you need an IPA host with SSH public
keys
set (which is done automatically in ipa-client-install, so any IPA
host
should work) and try to ssh into that host from other (actually, it
can
be the same) IPA host. You should not see "The authenticity of host
...
can't be estabilished" ssh message.
To test user authentication, you need an IPA user with SSH public
keys
set. To do that, you need to set the public keys using ipa
user-mod. You
should then be able to authenticate using your private key on any
IPA host.
rob
Honza
I get this exception when running ipa-client-install with your patch.
# ipa-client-install --enable-dns-updates
Discovery was successful!
Hostname: vm-138.idm.lab.bos.redhat.com
Realm: IDM.LAB.BOS.REDHAT.COM
DNS Domain: idm.lab.bos.redhat.com
IPA Server: vm-068.idm.lab.bos.redhat.com
BaseDN: dc=idm,dc=lab,dc=bos,dc=redhat,dc=com
Continue to configure the system with these values? [no]: y
User authorized to enroll computers: admin
Synchronizing time with KDC...
Unable to sync time with IPA NTP server, assuming the time is in
sync.
Password for ad...@idm.lab.bos.redhat.com:
Enrolled in IPA realm IDM.LAB.BOS.REDHAT.COM
Created /etc/ipa/default.conf
Traceback (most recent call last):
File "/usr/sbin/ipa-client-install", line 1514, in<module>
sys.exit(main())
File "/usr/sbin/ipa-client-install", line 1501, in main
rval = install(options, env, fstore, statestore)
File "/usr/sbin/ipa-client-install", line 1326, in install
if configure_sssd_conf(fstore, cli_realm, cli_domain, cli_server,
options):
File "/usr/sbin/ipa-client-install", line 711, in configure_sssd_conf
sssdconfig.activate_service('ssh')
File "/usr/lib/python2.7/site-packages/SSSDConfig.py", line 1516, in
activate_service
raise NoServiceError
SSSDConfig.NoServiceError
SSSD version: sssd-1.8.1-0.20120228T2018Zgit751b121.fc16.x86_64
Martin