[Freeipa-devel] [PATCHES] 59-65 SSH public key management
Jan Cholasta
jcholast at redhat.com
Wed Dec 7 16:28:52 UTC 2011
Hi,
this patchset fixes the following tickets:
https://fedorahosted.org/freeipa/ticket/754
https://fedorahosted.org/freeipa/ticket/1634
https://fedorahosted.org/freeipa/ticket/1978
[PATCH] 59 Add LDAP schema for SSH public keys.
[PATCH] 60 Add LDAP ACIs for SSH public key schema.
[PATCH] 61 Add support for SSH public keys to user and host objects.
This patch adds a new multivalue param "sshpubkey" for specifying SSH
public keys to both user and host objects. The accepted value is
base64-encoded public key blob as specified in RFC4253, section 6.6.
Additionaly, host commands automatically update DNS SSHFP records when
requested by user.
[PATCH] 62 Add API initialization to ipa-client-install.
This change makes it possible to call IPA commands from ipa-client-install.
[PATCH] 63 Move the nsupdate functionality to separate function in
ipa-client-install.
[PATCH] 64 Update host SSH public keys on the server during client install.
This is done by calling host-mod to update the keys on IPA server and
nsupdate to update DNS SSHFP records. DNS update can be disabled using
--no-dns-sshfp ipa-client-install option.
[PATCH] 65 Configure ssh and sshd during ipa-client-install.
For ssh, VerifyHostKeyDNS option is enabled.
For sshd, KerberosAuthentication, GSSAPIAuthentication and UsePAM
options are enabled (this can be disabled using --no-sshd
ipa-client-install option).
Note that user impersonation is not part of this patchset, I'm still
working on it.
Honza
--
Jan Cholasta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-59-ssh-ldap-schema.patch
Type: text/x-patch
Size: 3637 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111207/fb0dc828/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-60-ssh-ldap-aci.patch
Type: text/x-patch
Size: 5811 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111207/fb0dc828/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-61-ssh-host-user-plugins.patch
Type: text/x-patch
Size: 19507 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111207/fb0dc828/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-62-ipa-client-install-api.patch
Type: text/x-patch
Size: 4108 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111207/fb0dc828/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-63-ipa-client-install-nsupdate.patch
Type: text/x-patch
Size: 2213 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111207/fb0dc828/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-64-ssh-install-update-keys.patch
Type: text/x-patch
Size: 5249 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111207/fb0dc828/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-65-ssh-install-config-sshd.patch
Type: text/x-patch
Size: 6774 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20111207/fb0dc828/attachment-0006.bin>
More information about the Freeipa-devel
mailing list