Mohan Cheema wrote:
Hi,
We are running a number of Amazon AMIs (Amazon Linux) in AWS. As this is
based on RHEL we installed a number of packages to enable users on those
machines to get authenticated against ipa. The client gets configured with
the warning below.
-----------------------------------
WARNING Installed OpenSSH server does not support dynamically loading
authorized user keys. Public key authentication of IPA users will not be
available.
-----------------------------------
When a user tries to authenticate, the SSH connection is dropped; the ipa
server issues the authentication ticket to the machine.
Packages that have been installed:
----------------------------------------------
ipa-python-3.0.0-25.el6.x86_64.rpm
python-ldap-2.3.10-1.el6.x86_64.rpm
cyrus-sasl-gssapi-2.1.23-13.el6_3.1.x86_64.rpm
pam_krb5-2.3.11-9.el6.i686.rpm
sssd-1.9.2-82.el6.x86_64.rpm
certmonger-0.61-3.el6.x86_64.rpm
oddjob-mkhomedir-0.30-5.el6.x86_64.rpm
python-krbV-1.0.90-3.el6.x86_64.rpm
libsss_autofs-1.9.2-82.el6.x86_64.rpm
autofs-5.0.5-73.el6.x86_64.rpm
nfs-utils-1.2.3-36.el6.x86_64.rpm
sssd-client-1.9.2-82.el6.x86_64.rpm
python-kerberos-1.1-6.2.el6.x86_64.rpm
python-nss-0.13-1.el6.x86_64.rpm
python-lxml-2.2.3-1.1.el6.x86_64.rpm
python-netaddr-0.7.5-4.el6.noarch.rpm
pyOpenSSL-0.10-2.el6.x86_64.rpm
libipa_hbac-python-1.9.2-82.el6.x86_64.rpm
libgssglue-0.1-11.el6.x86_64.rpm
nfs-utils-lib-1.1.5-6.el6.x86_64.rpm
rpcbind-0.2.0-11.el6.x86_64.rpm
oddjob-0.30-5.el6.x86_64.rpm
libipa_hbac-1.9.2-82.el6.x86_64.rpm
libldb-1.1.13-3.el6.x86_64.rpm
libsss_idmap-1.9.2-82.el6.x86_64.rpm
libevent-1.4.13-4.el6.x86_64.rpm
libtalloc-2.0.7-2.el6.x86_64.rpm
keyutils-1.4-4.el6.x86_64.rpm
libdhash-0.4.2-9.el6.x86_64.rpm
libtirpc-0.2.1-5.el6.x86_64.rpm
ipa-client-3.0.0-25.el6.x86_64.rpm
libtevent-0.9.17-1.el6.x86_64.rpm
libtdb-1.2.10-1.el6.x86_64.rpm
libini_config-0.6.1-9.el6.x86_64.rpm
libcollection-0.6.0-9.el6.x86_64.rpm
libpath_utils-0.2.1-9.el6.x86_64.rpm
libref_array-0.1.1-9.el6.x86_64.rpm
c-ares-1.7.0-6.el6.x86_64.rpm
samba4-libs-4.0.0-55.el6.rc4.x86_64.rpm
libnl-1.1-14.el6.x86_64.rpm
----------------------------------------------
Are there any other packages that need to be installed to make it work?
Below is the ssh version.
# rpm -qa | grep ssh
libssh2-1.4.2-1.10.amzn1.x86_64
openssh-6.2p2-4.34.amzn1.x86_64
openssh-clients-6.2p2-4.34.amzn1.x86_64
openssh-server-6.2p2-4.34.amzn1.x86_64

I'm guessing the problem is the Amazon-specific version of ssh. It needs
to support one of these command combinations:
AuthorizedKeysCommand and AuthorizedKeysCommandUser
AuthorizedKeysCommand and AuthorizedKeysCommandRunAs
PubKeyAgent and PubKeyAgentRunAs
/var/log/ipaclient-install.log should contain the output of the probing
for this support.
rob
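
A way to check by hand which of the three option pairs an installed sshd accepts, as an added example that is not part of the original thread or of the FreeIPA code. It relies on sshd's configuration test mode (-t); the function names, the nobody account and the /usr/bin/sss_ssh_authorizedkeys helper path are assumptions, and it needs root so that sshd can read its host keys.

```shell
#!/bin/sh
# Added example: check which option pair from the reply an sshd binary accepts.
# Function names and SSS_HELPER are chosen for this example.

SSS_HELPER=/usr/bin/sss_ssh_authorizedkeys   # assumed path of the SSSD helper

# try_pair SSHD OPT1 VAL1 OPT2 VAL2
# sshd -t only validates configuration; an unknown keyword passed with -o
# makes it exit non-zero. -f /dev/null keeps the real sshd_config out of it.
try_pair() {
    "$1" -t -f /dev/null -o "$2=$3" -o "$4=$5" >/dev/null 2>&1
}

# probe_authorized_keys_support [SSHD]
# Prints the first accepted pair and returns 0.
# Returns 1 if none of the three pairs is accepted.
# Returns 2 if sshd -t fails even without extra options (for example not run
# as root, or no host keys), because then the probe says nothing.
probe_authorized_keys_support() {
    sshd_bin=${1:-/usr/sbin/sshd}
    "$sshd_bin" -t -f /dev/null >/dev/null 2>&1 || return 2
    if try_pair "$sshd_bin" AuthorizedKeysCommand "$SSS_HELPER" \
                AuthorizedKeysCommandUser nobody; then
        echo "AuthorizedKeysCommand + AuthorizedKeysCommandUser"
    elif try_pair "$sshd_bin" AuthorizedKeysCommand "$SSS_HELPER" \
                  AuthorizedKeysCommandRunAs nobody; then
        echo "AuthorizedKeysCommand + AuthorizedKeysCommandRunAs"
    elif try_pair "$sshd_bin" PubKeyAgent "$SSS_HELPER %u" \
                  PubKeyAgentRunAs nobody; then
        echo "PubKeyAgent + PubKeyAgentRunAs"
    else
        return 1
    fi
}

# Usage, as root:  probe_authorized_keys_support /usr/sbin/sshd
```

A return code of 2 means the baseline test itself failed, so the result should not be read as "unsupported".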