The test configures an external bind server on the ipa-server
(not the IPA-embedded DNS server) that allows unauthenticated nsupdates.
When the IPA client is registered using ipa-client-install,
DNS records are added for the client in the bind server using nsupdate.
The first try is using GSS-TIG but fails as expected, and the client
installer then tries with unauthenticated nsupdate.
Related : https://pagure.io/freeipa/issue/8402
Signed-off-by: Anuja More <amore@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Previously, dns_lookup_kdc was only set to True if DNS
discovery worked or if the KDC was not specified on the
command-line.
Make sure dns_lookup_kdc is always set to true.
Fixes: https://pagure.io/freeipa/issue/6523
Signed-off-by: François Cami <fcami@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Test checks that HostKeyAlgorithms is not present in
/etc/ssh/ssh_config after client install with option
-ssh-trust-dns.
https://pagure.io/freeipa/issue/8082
Signed-off-by: Kaleemullah Siddiqui <ksiddiqu@redhat.com>
Reviewed-By: Mohammad Rizwan Yusuf <myusuf@redhat.com>