From 736dd0fcd6d35abbea28481dc544502c132f78f8 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Tue, 25 Jun 2013 08:41:46 +0000
Subject: Do not skip SSSD known hosts in ipa-client-install --ssh-trust-dns.

https://fedorahosted.org/freeipa/ticket/3705
---
 ipa-client/ipa-install/ipa-client-install | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index a5ba46cfc..b1881619d 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -1212,12 +1212,12 @@ def configure_ssh_config(fstore, options):
         'PubkeyAuthentication': 'yes',
     }
 
+    if options.sssd and file_exists(SSH_PROXYCOMMAND):
+        changes['ProxyCommand'] = '%s -p %%p %%h' % SSH_PROXYCOMMAND
+        changes['GlobalKnownHostsFile'] = SSH_KNOWNHOSTSFILE
     if options.trust_sshfp:
         changes['VerifyHostKeyDNS'] = 'yes'
         changes['HostKeyAlgorithms'] = 'ssh-rsa,ssh-dss'
-    elif options.sssd and file_exists(SSH_PROXYCOMMAND):
-        changes['ProxyCommand'] = '%s -p %%p %%h' % SSH_PROXYCOMMAND
-        changes['GlobalKnownHostsFile'] = SSH_KNOWNHOSTSFILE
 
     change_ssh_config(ssh_config, changes, ['Host'])
     root_logger.info('Configured %s', ssh_config)
-- 
cgit