[Freeipa-devel] [PATCHES] 59-65 SSH public key management
Martin Kosek
mkosek at redhat.com
Tue Feb 14 18:16:14 UTC 2012
On Thu, 2012-02-09 at 18:18 +0100, Jan Cholasta wrote:
> On 8.2.2012 16:35, Rob Crittenden wrote:
> > Jan Cholasta wrote:
> >>> Patch 62: need a failsafe to remove CCACHE_FILE in case something goes
> >>> wrong. I should note too that this won't work on platforms prior to
> >>> Python 2.6 (RHEL-5 is one). This is fine, just means host keys won't be
> >>> automatically updated.
> >>
> >> What exactly won't work on Python 2.6?
> >
> > Sorry, I wasn't very clear. It isn't something specific to your patch,
> > it is large portions of the framework in general. Just wanted to alert you.
> >
> > rob
>
> Updated & rebased the patches.
>
> There is going to be one additional patch, which will make IPA take
> advantage of the new SSH support in SSSD. I have decided not to submit
> it now, because it breaks ipa-client-install if SSSD isn't patched with
> my "Add missing services to sssd.api.conf" and "Add methods for
> activating and deactivating services to SSSDConfig" patches (see
> sssd-devel). I'll submit it once the next SSSD beta is released.
>
> Honza
>

OK, I went through the patches and they work and generally look OK
(although some minor rebasing is needed before the push).

I just have one concern at the moment. If you update a FreeIPA server with
DNS support, it won't update the update policy for current zones. Thus,
only A and AAAA record updates are allowed and ipa-client-install always
fails to update SSHFP records in such zones.

But I don't think it's crucial; I would be OK with pushing the patches as
they are and creating another ticket to either fix or document it.

Otherwise ACK.

Martin