freeipa/ipaserver/install
Florence Blanc-Renaud 3cf9979aec ipa-client-install: use sshd drop-in configuration
sshd 8.2+ now supports the "Include" keyword in sshd_config and
ships by default /etc/ssh/sshd_config with
"Include /etc/ssh/sshd_config.d/*"

As fedora 32 provides a config file in that directory (05-redhat.conf) with
ChallengeResponseAuthentication no
that is conflicting with IPA client config, ipa-client-install now needs
to make its config changes in a drop-in file read before 05-redhat.conf
(the files are read in lexicographic order and the first setting wins).

There is no need to handle upgrades from sshd < 8.2: if openssh-server
detects a customisation in /etc/ssh/sshd_config, it will not update
the file but create /etc/ssh/sshd_config.rpmnew and ask the admin
to manually handle the config upgrade.

Fixes: https://pagure.io/freeipa/issue/8304
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
2020-06-23 11:11:46 +02:00
..
plugins Terminology improvements: use block list 2020-06-23 10:16:29 +02:00
server Grammar: whitespace is a word 2020-06-23 10:16:29 +02:00
__init__.py Remove __all__ specifications in ipaclient and ipaserver.install 2013-09-06 15:42:33 +02:00
adtrust.py Use api.env.container_sysaccounts 2020-04-28 11:28:29 +02:00
adtrustinstance.py Use api.env.container_sysaccounts 2020-04-28 11:28:29 +02:00
bindinstance.py Overhaul bind upgrade process 2020-06-10 16:07:07 +02:00
ca.py move MSCSTemplate classes to ipalib 2019-07-17 17:58:58 +03:00
cainstance.py upgrade: avoid stopping certmonger when fixing requests 2020-06-10 22:27:26 +10:00
certs.py removed unused function export_pem_p12 2019-12-17 09:18:37 +01:00
conncheck.py install: introduce installer class hierarchy 2016-11-11 12:17:25 +01:00
custodiainstance.py ipaserver.install.installutils: move commonly used utils to ipapython.ipautil 2019-06-29 11:00:28 +03:00
dns.py Check for freeipa-server-dns package early 2020-05-15 14:24:00 +02:00
dnskeysyncinstance.py ipaserver.install.installutils: move commonly used utils to ipapython.ipautil 2019-06-29 11:00:28 +03:00
dogtag.py Verify pki ini override early 2019-04-10 13:43:23 +02:00
dogtaginstance.py Configure PKI AJP Secret with 256-bit secret 2020-06-23 09:20:24 +02:00
dsinstance.py Fix E714 test for object identity should be 'is not' 2020-05-05 10:42:46 +02:00
httpinstance.py httpinstance: retry request without ipa-ca.$DOMAIN dnsName on failure 2020-06-10 22:27:26 +10:00
installutils.py ipaserver.install.installutils: move commonly used utils to ipapython.ipautil 2019-06-29 11:00:28 +03:00
ipa_backup.py ipa-client-install: use sshd drop-in configuration 2020-06-23 11:11:46 +02:00
ipa_cacert_manage.py lint: Make Pylint-2.4 happy again 2020-02-12 18:08:32 +02:00
ipa_cert_fix.py avoid realm_to_serverid deprecation warning 2019-05-29 12:49:27 +10:00
ipa_crlgen_manage.py CRL generation master: new utility to enable|disable 2019-03-14 09:39:55 +01:00
ipa_kra_install.py Fix E722 do not use bare 'except' 2020-05-05 10:42:46 +02:00
ipa_ldap_updater.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
ipa_otptoken_import.py Py3: Remove subclassing from object 2018-09-27 11:49:04 +02:00
ipa_pkinit_manage.py PKINIT: fix ipa-pkinit-manage enable|disable 2018-12-05 11:06:21 +01:00
ipa_replica_install.py Enable replica install info logging to match ipa-server-install 2018-11-01 13:08:58 +01:00
ipa_restore.py ipa-restore: restart services at the end 2020-03-13 15:30:09 +01:00
ipa_server_certinstall.py Move realm_to_serverid/ldap_uri to ipaldap 2019-02-05 08:39:13 -05:00
ipa_server_install.py Improve console logging for ipa-server-install 2018-06-20 08:38:03 +02:00
ipa_server_upgrade.py ipa commands: print 'IPA is not configured' when ipa is not setup 2018-08-23 12:08:45 +02:00
ipa_trust_enable_agent.py ipa-adtrust-install: run remote configuration for new agents 2020-03-05 14:40:58 +01:00
ipa_winsync_migrate.py ipa commands: print 'IPA is not configured' when ipa is not setup 2018-08-23 12:08:45 +02:00
ipactl.py ipa_client_automount.py and ipactl.py: fix codestyle 2019-06-28 10:53:07 +02:00
kra.py krainstance: set correct issuer DN in uid=ipakra entry 2019-10-17 08:17:46 +02:00
krainstance.py Secure AJP connector between Dogtag and Apache proxy 2020-03-11 17:41:17 +01:00
krbinstance.py Move certauth configuration into a server krb5.conf template 2019-09-10 12:33:21 +03:00
ldapupdate.py Remove unused support for dm_password arg from ldapupdate.connect 2020-06-07 10:21:01 +03:00
odsexporterinstance.py ipaserver.install.installutils: move commonly used utils to ipapython.ipautil 2019-06-29 11:00:28 +03:00
opendnssecinstance.py opendnssec2.1 support: move all ods tasks to specific file 2020-03-12 21:48:25 +01:00
otpdinstance.py Enable pylint missing-final-newline check 2015-12-23 07:59:22 +01:00
replication.py Use api.env.container_sysaccounts 2020-04-28 11:28:29 +02:00
schemaupdate.py Remove unused support for dm_password arg from ldapupdate.connect 2020-06-07 10:21:01 +03:00
service.py Fix E722 do not use bare 'except' 2020-05-05 10:42:46 +02:00
sysupgrade.py Add absolute_import future imports 2018-04-20 09:43:37 +02:00
upgradeinstance.py Remove unused support for dm_password arg from ldapupdate.connect 2020-06-07 10:21:01 +03:00