From c34f5fbc882b16baebc18d795511e8e1fc50668b Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Wed, 7 Dec 2011 03:40:51 -0500
Subject: Update host SSH public keys on the server during client install.

This is done by calling host-mod to update the keys on IPA server and nsupdate
to update DNS SSHFP records. DNS update can be disabled using --no-dns-sshfp
ipa-client-install option.

https://fedorahosted.org/freeipa/ticket/1634
---
 ipaserver/install/bindinstance.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'ipaserver/install/bindinstance.py')

diff --git a/ipaserver/install/bindinstance.py b/ipaserver/install/bindinstance.py
index 6e6c9411..2fa12565 100644
--- a/ipaserver/install/bindinstance.py
+++ b/ipaserver/install/bindinstance.py
@@ -185,7 +185,7 @@ def read_reverse_zone(default, ip_address):
 def add_zone(name, zonemgr=None, dns_backup=None, ns_hostname=None, ns_ip_address=None,
        update_policy=None):
     if update_policy is None:
-        update_policy = "grant %(realm)s krb5-self * A; grant %(realm)s krb5-self * AAAA;" % dict(realm=api.env.realm)
+        update_policy = "grant %(realm)s krb5-self * A; grant %(realm)s krb5-self * AAAA; grant %(realm)s krb5-self * SSHFP;" % dict(realm=api.env.realm)
 
     if zonemgr is None:
         zonemgr = 'hostmaster.%s' % name
-- 
cgit