[Freeipa-devel] [PATCHES] 59-65 SSH public key management

Jan Cholasta jcholast at redhat.com
Mon Jan 23 17:57:07 UTC 2012


I have updated and rebased the patches:


[PATCH] 59 Add LDAP schema for SSH public keys.

No changes.

[PATCH] 60 Add LDAP ACIs for SSH public key schema.
Requires patch 59.

No changes.

[PATCH] 61 Add support for SSH public keys to user and host objects.
Requires patch 59 and 66.

Added new virtual attribute for SSH public key fingerprints to both user 
and host.

The ipasshuser and ipasshhost objectclasses are now automatically added 
to user and host objects when necessary.

The --addattr issue is fixed in patch 66.

[PATCH] 62 Add API initialization to ipa-client-install.

Changed API context to "cli_installer".

[PATCH] 63 Move the nsupdate functionality to separate function in 
ipa-client-install.

No changes.

[PATCH] 64 Update host SSH public keys on the server during client install.
Requires patch 59, 61, 62, 63, 66 and 67.

The host SSH public keys are now loaded from a platform specific 
location instead of /etc/ssh.

[PATCH] 65 Configure ssh and sshd during ipa-client-install.
Requires patch 67.

The configuration files are now looked for in a platform specific 
location instead of /etc/ssh.


Also I have added 2 new patches to the patchset:


[PATCH] 66 Base64-decode unicode values in Bytes parameters.

Fix wrong handling of strings in --setattr/--addattr/--delattr.

These changes make it possible to use Bytes in 
--setattr/--addattr/--delattr without errors.

It might seem that this patch breaks the API, but it does not. Bytes 
parameters are currently used only for the certificate attribute of host 
and service objects, and these attributes are normalized using ipalib.x509 
functions, so both raw binary values and base64-encoded values are 
accepted. I have checked that an old client works with a new server 
without problems.

[PATCH] 67 Add SSH service to platform-specific services.

Add method for getting configuration directory path of a service, so 
that a different SSH configuration directory can be specified on 
different platforms.


Honza

-- 
Jan Cholasta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-59.1-ssh-ldap-schema.patch
Type: text/x-patch
Size: 3604 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120123/8e841523/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-60.1-ssh-ldap-aci.patch
Type: text/x-patch
Size: 5811 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120123/8e841523/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-61.1-ssh-host-user-plugins.patch
Type: text/x-patch
Size: 24279 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120123/8e841523/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-62.1-ipa-client-install-api.patch
Type: text/x-patch
Size: 4112 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120123/8e841523/attachment-0003.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-63.1-ipa-client-install-nsupdate.patch
Type: text/x-patch
Size: 2213 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120123/8e841523/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-64.1-ssh-install-update-keys.patch
Type: text/x-patch
Size: 5689 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120123/8e841523/attachment-0005.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-65.2-ssh-install-config-sshd.patch
Type: text/x-patch
Size: 6594 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120123/8e841523/attachment-0006.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-66-parameter-bytes-base64.patch
Type: text/x-patch
Size: 3058 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120123/8e841523/attachment-0007.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-67-ssh-platform-service.patch
Type: text/x-patch
Size: 3844 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120123/8e841523/attachment-0008.bin>
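
Added example, not part of the original message or of the FreeIPA patches: a Python illustration of how a fingerprint like the virtual attribute mentioned for patch 61 can be derived from a stored key, taking text as base64 and bytes as the raw blob in the way the subject of patch 66 describes. The function names, the two fingerprint formats chosen and the sample blob are assumptions constructed for illustration.

```python
import base64
import hashlib
import struct


def _fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + length > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos:pos + length])
        pos += length
    return fields


def ssh_fingerprint(value, expected_type=None):
    """Return (key_type, md5_fp, sha256_fp); ValueError on malformed input."""
    # Assumption: str input is base64 text, bytes input is the raw blob.
    if isinstance(value, str):
        blob = base64.b64decode(value, validate=True)
    else:
        blob = bytes(value)
    fields = _fields(blob)
    if len(fields) < 2:
        raise ValueError("blob has no key material")
    key_type = fields[0].decode("ascii")
    if expected_type is not None and key_type != expected_type:
        raise ValueError("declared key type does not match blob")
    # Both formats hash the whole decoded blob, never the base64 text.
    md5 = hashlib.md5(blob, usedforsecurity=False).hexdigest()
    md5_fp = ":".join(md5[i:i + 2] for i in range(0, 32, 2))
    digest = hashlib.sha256(blob).digest()
    sha256_fp = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return key_type, md5_fp, sha256_fp


def _s(data):
    return struct.pack(">I", len(data)) + data


# Constructed sample blob (not a usable key): type, exponent, modulus.
SAMPLE_BLOB = _s(b"ssh-rsa") + _s(b"\x01\x00\x01") + _s(b"\x00" + b"\xc3" * 32)
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode()
```

Checking the type name inside the blob against the declared one, and rejecting blobs whose length fields do not add up, keeps a stored value from carrying a fingerprint for something that is not a well-formed key.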

