summaryrefslogtreecommitdiffstats
path: root/ipaserver
diff options
context:
space:
mode:
authorJan Cholasta <jcholast@redhat.com>2011-12-07 03:40:51 -0500
committerRob Crittenden <rcritten@redhat.com>2012-02-13 22:21:43 -0500
commitc34f5fbc882b16baebc18d795511e8e1fc50668b (patch)
tree05b15df263fceb0dff104e274338178d33f29dd7 /ipaserver
parent9b6649a1ce7c15043c9d197363c3b9fdd4b12a1d (diff)
downloadfreeipa-c34f5fbc882b16baebc18d795511e8e1fc50668b.tar.gz
freeipa-c34f5fbc882b16baebc18d795511e8e1fc50668b.tar.xz
freeipa-c34f5fbc882b16baebc18d795511e8e1fc50668b.zip
Update host SSH public keys on the server during client install.
This is done by calling host-mod to update the keys on IPA server and nsupdate to update DNS SSHFP records. DNS update can be disabled using --no-dns-sshfp ipa-client-install option. https://fedorahosted.org/freeipa/ticket/1634
Diffstat (limited to 'ipaserver')
-rw-r--r--ipaserver/install/bindinstance.py2
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 6e6c94111..2fa12565f 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -185,7 +185,7 @@ def read_reverse_zone(default, ip_address):
def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_address=None,
update_policy=None):
if update_policy is None:
- update_policy = "grant %(realm)s krb5-self * A; grant %(realm)s krb5-self * AAAA;" % dict(realm=api.env.realm)
+ update_policy = "grant %(realm)s krb5-self * A; grant %(realm)s krb5-self * AAAA; grant %(realm)s krb5-self * SSHFP;" % dict(realm=api.env.realm)
if zonemgr is None:
zonemgr = 'hostmaster.%s' % name