freeipa/install/share
Florence Blanc-Renaud 3cf9979aec ipa-client-install: use sshd drop-in configuration
sshd 8.2+ now supports the "Include" keyword in sshd_config and
ships by default /etc/ssh/sshd_config with
"Include /etc/ssh/sshd_config.d/*"

As fedora 32 provides a config file in that directory (05-redhat.conf) with
ChallengeResponseAuthentication no
that is conflicting with IPA client config, ipa-client-install now needs
to make its config changes in a drop-in file read before 05-redhat.conf
(the files are read in lexicographic order and the first setting wins).

There is no need to handle upgrades from sshd < 8.2: if openssh-server
detects a customisation in /etc/ssh/sshd_config, it will not update
the file but create /etc/ssh/sshd_config.rpmnew and ask the admin
to manually handle the config upgrade.

Fixes: https://pagure.io/freeipa/issue/8304
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-06-23 11:11:46 +02:00
..
advise Build: remove incorrect use of MAINTAINERCLEANFILES 2016-11-16 09:12:07 +01:00
profiles Restore old version of caIPAserviceCert for upgrade only 2017-08-14 19:25:59 +02:00
schema.d Build: remove incorrect use of MAINTAINERCLEANFILES 2016-11-16 09:12:07 +01:00
05rfc2247.ldif Remove references to GPL v2.0 license 2015-02-20 15:40:42 +01:00
15rfc2307bis.ldif Add formerly update-only schema 2013-11-18 16:54:21 +01:00
15rfc4876.ldif Add formerly update-only schema 2013-11-18 16:54:21 +01:00
60basev2.ldif Add group membership management 2019-11-11 09:31:14 +01:00
60basev3.ldif Short name resolution: introduce the required schema 2017-03-14 18:37:10 +01:00
60certificate-profiles.ldif Add 'ca' plugin 2016-06-15 07:13:38 +02:00
60ipaconfig.ldif Add knob to limit hostname length 2019-05-16 14:38:43 -04:00
60ipadns.ldif DNS: Support URI resource record type 2016-10-11 16:48:47 +02:00
60ipapk11.ldif DNSSEC: schema 2014-10-21 12:23:03 +02:00
60kerberos.ldif Add Authentication Indicator Kerberos ticket policy options 2019-11-21 11:13:12 -05:00
60samba.ldif Make schema files conform to new updater 2013-11-18 16:54:21 +01:00
61kerberos-ipav3.ldif mark 'ipaKrbPrincipalAlias' attribute as deprecated in schema 2016-06-23 09:48:06 +02:00
65ipacertstore.ldif Add LDAP schema for certificate store. 2014-07-30 16:04:21 +02:00
65ipasudo.ldif Update X-ORIGIN for 4.0 2014-07-01 13:57:06 +02:00
70ipaotp.ldif Revert "Make all ipatokenTOTP attributes mandatory" 2015-01-21 09:20:15 +01:00
70topology.ldif handle multiple managed suffixes 2015-10-15 14:24:33 +02:00
71idviews.ldif idviews: Add user certificate attribute to user ID overrides 2016-05-06 07:12:01 +02:00
72domainlevels.ldif Add Domain Level feature 2015-05-26 11:59:47 +00:00
73certmap.ldif Add altSecurityIdentities attribute from MS-WSPP schema definition 2019-07-17 17:50:07 +03:00
anon-princ-aci.ldif Use Anonymous user to obtain FAST armor ccache 2017-02-15 07:13:37 +01:00
automember.ldif 34 Create FreeIPA CLI Plugin for the 389 Auto Membership plugin 2011-08-31 09:49:43 +02:00
bind.ipa-ext.conf.template Overhaul bind upgrade process 2020-06-10 16:07:07 +02:00
bind.ipa-options-ext.conf.template Overhaul bind upgrade process 2020-06-10 16:07:07 +02:00
bind.named.conf.template Overhaul bind upgrade process 2020-06-10 16:07:07 +02:00
bootstrap-template.ldif Prevent local account takeover 2020-06-15 22:44:42 +03:00
ca-topology.uldif Revert "upgrade: add replica bind DN group check interval to CA topology config" 2016-12-09 15:47:13 +01:00
certmap.conf.template Define template version in certmap.conf 2017-03-01 12:46:50 +01:00
custodia.conf.template Backup ipa-custodia conf and keys 2017-11-13 18:10:54 +01:00
default-aci.ldif Add group membership management 2019-11-11 09:31:14 +01:00
default-hbac.ldif Fix systemd-user HBAC rule 2019-01-15 14:29:22 -05:00
default-smb-group.ldif Change DNA magic value to -1 to make UID 999 usable 2013-03-11 17:07:07 +01:00
default-trust-view.ldif idviews: Add Default Trust View as part of adtrustinstall 2014-09-30 10:42:06 +02:00
delegation.ldif DNS Locations: Always create DNS related privileges 2016-06-03 15:58:21 +02:00
dna.ldif Moved update of DNA plugin among update plugins 2016-11-11 12:13:56 +01:00
dns.ldif Allow hosts to read DNS records for IP SAN 2020-03-16 13:04:17 +01:00
dnssec.ldif DNSSEC: DNS key synchronization daemon 2014-10-21 12:23:03 +02:00
domainlevel.ldif Add Domain Level feature 2015-05-26 11:59:47 +00:00
ds-ipa-env.conf.template Move DS's Kerberos env vars to unit file 2019-04-02 19:35:38 +02:00
ds-nfiles.ldif Autotune directory server to use a greater number of files 2010-11-22 12:42:16 -05:00
entryusn.ldif Address entryusn initialization on replica installation 2011-01-28 13:58:43 -05:00
freeipa-server.template Add a skeleton kdcpolicy plugin 2019-09-10 12:33:21 +03:00
gssapi.login Change session handling 2017-02-15 07:13:37 +01:00
gssproxy.conf.template Add options to allow ticket caching 2017-03-16 13:10:37 +01:00
host_nis_groups.ldif Move Managed Entries into their own container in the replicated space. 2011-09-12 16:28:27 -04:00
indices.ldif Add group membership management 2019-11-11 09:31:14 +01:00
ipa-httpd-wsgi.conf.template Replace wsgi package conflict with config file 2018-02-09 08:28:11 +01:00
ipa-httpd.conf.template Require UTF-8 fs encoding 2017-11-21 16:13:28 +01:00
ipa-kdc-proxy.conf.template Don't use deprecated Apache Access options. 2018-11-15 17:52:10 -05:00
ipa-pki-proxy.conf.template Simplify pki proxy conf 2020-05-05 11:49:10 +02:00
ipa-rewrite.conf.template Move config templates from install/conf to install/share 2018-02-09 09:14:22 +01:00
ipa.conf.template Use httpd 2.4 syntax for access control 2020-05-07 11:00:55 -04:00
ipaca_customize.ini Configure PKI AJP Secret with 256-bit secret 2020-06-23 09:20:24 +02:00
ipaca_default.ini Configure PKI AJP Secret with 256-bit secret 2020-06-23 09:20:24 +02:00
ipaca_softhsm2.ini Add pki.ini override option 2019-04-10 13:43:23 +02:00
ipakrb5.aug install: introduce generic Kerberos Augeas lens 2017-05-19 12:31:24 +02:00
kdc_extensions.template Add support for configuring KDC certs for PKINIT 2010-11-18 15:09:36 -05:00
kdc_req.conf.template Add support for configuring KDC certs for PKINIT 2010-11-18 15:09:36 -05:00
kdc.conf.template Add new authentication indicators in kdc.conf.template 2019-09-10 12:33:21 +03:00
kdcproxy-disable.uldif Provide Kerberos over HTTP (MS-KKDCP) 2015-06-24 10:43:58 +02:00
kdcproxy-enable.uldif Provide Kerberos over HTTP (MS-KKDCP) 2015-06-24 10:43:58 +02:00
kdcproxy.conf Provide Kerberos over HTTP (MS-KKDCP) 2015-06-24 10:43:58 +02:00
kdcproxy.wsgi Replace hard-coded kdcproxy path with WSGI script 2017-04-12 13:05:23 +02:00
kerberos.ldif Enable AES SHA 256 and 384-bit enctypes in Kerberos 2019-11-04 09:45:07 -05:00
krb5.conf.template install: do not assume /etc/krb5.conf.d exists 2017-06-28 15:44:51 +02:00
krb5.ini.template Set master_kdc and dns_lookup_kdc to true 2012-09-19 20:47:12 -04:00
krb.con.template Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
krbrealm.con.template Mass tree reorganization for IPAv2. To view previous history of files use: 2009-02-03 15:27:14 -05:00
Makefile.am ipa-client-install: use sshd drop-in configuration 2020-06-23 11:11:46 +02:00
managed-entries.ldif Move Managed Entries into their own container in the replicated space. 2011-09-12 16:28:27 -04:00
master-entry.ldif Add Domain Level feature 2015-05-26 11:59:47 +00:00
memberof-conf.ldif Display user and host membership in netgroups. 2010-11-24 08:38:41 -05:00
memberof-task.ldif Wait for memberof task and DS to start before proceeding in installation. 2011-04-22 11:43:50 +02:00
memcache-remove.uldif Change session handling 2017-02-15 07:13:37 +01:00
modrdn-krbprinc.ldif add krbCanonicalName to attributes watched by MODRDN plugin 2016-06-23 09:48:06 +02:00
nis-update.uldif Upgrade: Fix upgrade of NIS Server configuration 2016-01-11 09:45:54 +01:00
nis.uldif Enable transactions by default, make password and modrdn TXN-aware 2012-11-21 14:55:12 +01:00
opendnssec_conf.template Remove the <Interval> from opendnssec conf 2020-03-12 21:48:25 +01:00
opendnssec_kasp.template DNSSEC: update OpenDNSSEC KASP configuration 2015-05-19 12:50:56 +00:00
pw-logging-conf.ldif Switch nsslapd-unhashed-pw-switch to nolog 2019-05-24 12:42:51 +02:00
referint-conf.ldif Update referential integrity config for DS 1.3.3 2014-09-12 17:42:08 +02:00
replica-acis.ldif Update ACIs with the correct syntax 2020-05-04 20:49:23 +02:00
replica-automember.ldif 34 Create FreeIPA CLI Plugin for the 389 Auto Membership plugin 2011-08-31 09:49:43 +02:00
replica-prevent-time-skew.ldif ds: ignore time skew during initial replication step 2017-10-19 17:48:58 +03:00
repoint-managed-entries.ldif Move Managed Entries into their own container in the replicated space. 2011-09-12 16:28:27 -04:00
root-autobind.ldif Remove root autobind search restriction, fix upgrade logging & error handling. 2011-06-13 09:51:05 +02:00
sasl-mapping-fallback.ldif Enable SASL mapping fallback. 2013-06-27 17:06:51 +02:00
schema-update.ldif Fix nsslapdPlugin object class after initial replication. 2013-09-10 09:49:43 +02:00
smb.conf.empty Add trust management for Active Directory trusts 2012-06-07 09:39:09 +02:00
smb.conf.template Enforce SMBLoris attack protection in default Samba configuration 2019-04-24 15:47:19 -04:00
sshd_ipa.conf.template ipa-client-install: use sshd drop-in configuration 2020-06-23 11:11:46 +02:00
sudobind.ldif Create default disabled sudo bind user 2011-02-23 15:32:24 -05:00
topology-entries.ldif rename topology suffixes to "domain" and "ca" 2015-12-04 12:59:21 +01:00
unique-attributes.ldif Server Upgrade: Fix uniqueness plugins 2015-05-19 12:45:41 +00:00
user_private_groups.ldif Move Managed Entries into their own container in the replicated space. 2011-09-12 16:28:27 -04:00
uuid.ldif DNSSEC: DNS key synchronization daemon 2014-10-21 12:23:03 +02:00
vault.ldif install: support KRA update 2015-09-17 14:55:54 +02:00
wsgi.py Address inconsistent-return-statements 2018-11-13 13:37:58 +01:00