diff options
author | Jan Cholasta <jcholast@redhat.com> | 2011-12-07 03:49:09 -0500 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-02-13 22:21:47 -0500 |
commit | c00bf9e38afa4867f4ec397b260f2e467163096d (patch) | |
tree | 619ae4614ef70f9189e296d85daa02de3b14e493 /install/tools/ipa-replica-install | |
parent | c34f5fbc882b16baebc18d795511e8e1fc50668b (diff) | |
download | freeipa-c00bf9e38afa4867f4ec397b260f2e467163096d.tar.gz freeipa-c00bf9e38afa4867f4ec397b260f2e467163096d.tar.xz freeipa-c00bf9e38afa4867f4ec397b260f2e467163096d.zip |
Configure ssh and sshd during ipa-client-install.
For ssh, VerifyHostKeyDNS option is set to 'yes' if --ssh-trust-dns
ipa-client-install option is used.
For sshd, KerberosAuthentication, GSSAPIAuthentication and UsePAM
options are enabled (this can be disabled using --no-sshd
ipa-client-install option).
ticket 1634
Diffstat (limited to 'install/tools/ipa-replica-install')
-rwxr-xr-x | install/tools/ipa-replica-install | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index dda4db909..0b8ab2ae7 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -63,6 +63,10 @@ def parse_options(): help="do not configure ntp", default=True) basic_group.add_option("--no-ui-redirect", dest="ui_redirect", action="store_false", default=True, help="Do not automatically redirect to the Web UI") + basic_group.add_option("--ssh-trust-dns", dest="trust_sshfp", default=False, action="store_true", + help="configure OpenSSH client to trust DNS SSHFP records") + basic_group.add_option("--no-sshd", dest="conf_sshd", default=True, action="store_false", + help="do not configure OpenSSH server") basic_group.add_option("--skip-conncheck", dest="skip_conncheck", action="store_true", default=False, help="skip connection check to remote master") basic_group.add_option("-d", "--debug", dest="debug", action="store_true", @@ -460,6 +464,10 @@ def main(): args = ["/usr/sbin/ipa-client-install", "--on-master", "--unattended", "--domain", config.domain_name, "--server", config.host_name, "--realm", config.realm_name] if not options.create_sshfp: args.append("--no-dns-sshfp") + if options.trust_sshfp: + args.append("--ssh-trust-dns") + if not options.conf_sshd: + args.append("--no-sshd") ipautil.run(args) except Exception, e: print "Configuration of client side components failed!" |