On Thu, Apr 30, 2015 at 04:32:30PM +0200, Lukas Slebodnik wrote: > On (30/04/15 15:34), Jakub Hrozek wrote: > >On Thu, Apr 30, 2015 at 03:13:44PM +0200, Martin Kosek wrote: > >> On 04/30/2015 02:56 PM, Aric Wilisch wrote: > >> > Is there a trick to getting a users SSH key that’s attached to their > >> > FreeIPA account to work on RHEL 5 servers? users can ssh into the RHEL 6 > >> > clients with no issues but they still get prompted for their passwords > >> > on the RHEL 5 server, so it’s not pushing down their ssh keys. > >> > > >> > Thanks! > >> > > >> > Regards, > >> > ------------------------------------------ > >> > Aric Wilisch > >> > awili...@gmail.com > >> > >> Well, RHEL-5's latest build should be sssd-1.5.1-71.el5, but the SSH > >> public key > >> support was added in SSSD 1.8: > >> > >> https://fedorahosted.org/sssd/ticket/610 > >> > >> So I do not know any way besides upgrading to RHEL-6/RHEL-7 or backporting > >> the > >> SSSD 1.8+ yourself (which I do not expect to be an easy task). > > > >The 1.9 branch should build and work on RHEL-5. > > > But IIRC openssh-server should be patched as well.
Perhaps, you definitely need the AuthorizedKeysCommand and similar. Honza might know best.. At any rate, upgrading from RHEL-5 to something recent is a good idea :-) -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
