[Freeipa-devel] [PATCHES] 59-65 SSH public key management

Rob Crittenden rcritten at redhat.com
Tue Feb 14 20:33:39 UTC 2012


Martin Kosek wrote:
> On Thu, 2012-02-09 at 18:18 +0100, Jan Cholasta wrote:
>> On 8.2.2012 16:35, Rob Crittenden wrote:
>>> Jan Cholasta wrote:
>>>>> Patch 62: need a failsafe to remove CCACHE_FILE in case something goes
>>>>> wrong. I should note too that this won't work on platforms prior to
>>>>> Python 2.6 (RHEL-5 is one). This is fine, just means host keys won't be
>>>>> automatically updated.
>>>>
>>>> What exactly won't work on Python 2.6?
>>>
>>> Sorry, I wasn't very clear. It isn't something specific to your patch,
>>> it is large portions of the framework in general. Just wanted to alert you.
>>>
>>> rob
>>
>> Updated & rebased the patches.
>>
>> There is going to be one additional patch, which will make IPA take
>> advantage of the new SSH support in SSSD. I have decided not to submit
>> it now, because it breaks ipa-client-install if SSSD isn't patched with
>> my "Add missing services to sssd.api.conf" and "Add methods for
>> activating and deactivating services to SSSDConfig" patches (see
>> sssd-devel). I'll submit it once the next SSSD beta is released.
>>
>> Honza
>>
>
> Ok, I went through the patches and they work and generally look ok
> (although some minor rebasing is needed before the push).
>
> I just have one concern at the moment. If you update FreeIPA server with
> DNS support, it won't update the update policy for current zones. Thus,
> only A and AAAA record update is allowed and ipa-client-install always
> fails to update SSHFP records in such zones.
>
> But I don't think it's crucial, I would be OK with pushing the patches as
> they are and create another ticket to either fix or document it.
> Otherwise ACK.
>
> Martin
>

Can you open a ticket on that?

ACK, pushed all 11 to master and ipa-2-2.

I updated the commit messages to include a ticket number in each for 
tracking.

rob



