freeipa/ipaplatform/base
Florence Blanc-Renaud 3cf9979aec ipa-client-install: use sshd drop-in configuration
sshd 8.2+ now supports the "Include" keyword in sshd_config and
ships by default /etc/ssh/sshd_config with
"Include /etc/ssh/sshd_config.d/*"

As fedora 32 provides a config file in that directory (05-redhat.conf) with
ChallengeResponseAuthentication no
that is conflicting with IPA client config, ipa-client-install now needs
to make its config changes in a drop-in file read before 05-redhat.conf
(the files are read in lexicographic order and the first setting wins).

There is no need to handle upgrades from sshd < 8.2: if openssh-server
detects a customisation in /etc/ssh/sshd_config, it will not update
the file but create /etc/ssh/sshd_config.rpmnew and ask the admin
to manually handle the config upgrade.

Fixes: https://pagure.io/freeipa/issue/8304
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-06-23 11:11:46 +02:00
..
__init__.py ipaplatform: Create separate module for platform files 2014-06-16 19:48:17 +02:00
constants.py Fix test_webui.test_selinuxusermap 2019-07-15 14:41:23 +03:00
paths.py ipa-client-install: use sshd drop-in configuration 2020-06-23 11:11:46 +02:00
services.py Add conditional restart (try-restart) capability to services 2019-11-07 13:00:15 -05:00
tasks.py Debian: write out only one CA certificate per file 2020-04-08 14:17:31 +03:00