On 04/19/2013 07:39 PM, Rob Crittenden wrote: > Jan Cholasta wrote: >> Hi, >> >> this patch fixes <https://fedorahosted.org/freeipa/ticket/3571>. >> >> OpenSSH 6.2 brings upstream support for AuthorizedKeysCommand, >> which is required for OpenSSH integration. Until now, we relied on >> downstream >> patches and enabled parts of OpenSSH integration conditionally. >> >> This patch includes a scriptlet which updates sshd_config on >> freeipa-client RPM update. Please note that the scriptlet will work only >> if IPA client was set up before openssh-server package was updated to >> 6.2p1. This is because unpatched ipa-client-install does not configure >> sshd_config when openssh-server 6.2p1 is already installed (see >> https://bugzilla.redhat.com/show_bug.cgi?id=953617). Specifically, it >> will not work for IPA installs done on recently updated Fedora 19. >> >> Also, this does not fix SSH integration not working on Fedora 18, as >> that is caused by backward incompatiblity in openssh-server-6.1p1-6 and >> later (see https://bugzilla.redhat.com/show_bug.cgi?id=953534). > > This seems to work ok. Do we want to do this upgrade as an rpm scriptlet or is > it better to handle this in ipa-upgradeconfig (it might be easier to maintain > there)?
As we need to run this upgrade on all clients (not only FreeIPA servers), ipa-upgradeconfig is not a way to go. We would first need a client upgrade script to do that: https://fedorahosted.org/freeipa/ticket/3149 This is now scheduled for a next version, we may want to convert our current spec file upgrades to this ipa-client-upgrade script when it is ready. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel