Hi,

the attached patch fixes <https://fedorahosted.org/freeipa/ticket/3705>.

Honza

--
Jan Cholasta
>From 873beb4d2ce268906f808f71af32919dec30928b Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jchol...@redhat.com>
Date: Tue, 25 Jun 2013 08:41:46 +0000
Subject: [PATCH] Do not skip SSSD known hosts in ipa-client-install
 --ssh-trust-dns.

https://fedorahosted.org/freeipa/ticket/3705
---
 ipa-client/ipa-install/ipa-client-install | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index a5ba46c..b188161 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1212,12 +1212,12 @@ def configure_ssh_config(fstore, options):
         'PubkeyAuthentication': 'yes',
     }
 
+    if options.sssd and file_exists(SSH_PROXYCOMMAND):
+        changes['ProxyCommand'] = '%s -p %%p %%h' % SSH_PROXYCOMMAND
+        changes['GlobalKnownHostsFile'] = SSH_KNOWNHOSTSFILE
     if options.trust_sshfp:
         changes['VerifyHostKeyDNS'] = 'yes'
         changes['HostKeyAlgorithms'] = 'ssh-rsa,ssh-dss'
-    elif options.sssd and file_exists(SSH_PROXYCOMMAND):
-        changes['ProxyCommand'] = '%s -p %%p %%h' % SSH_PROXYCOMMAND
-        changes['GlobalKnownHostsFile'] = SSH_KNOWNHOSTSFILE
 
     change_ssh_config(ssh_config, changes, ['Host'])
     root_logger.info('Configured %s', ssh_config)
-- 
1.8.2.1

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to