Learn more about these different git repos.
Other Git URLs
When you rebuild a host in a freeipa environment, the SSH key is regenerated and reuploaded to freeipa. However, this is cached in sssd on a workstation and is placed into known_hosts: It essentially means you are locked out of any host that you have rebuilt or rolled the ssh key on.
This patch (Discussed on the mailing list) corrects this behaviour, and allows an ssh host key to be expired and not inserted into the known hosts.
attachment 0001-Allow-sss_cache-to-expire-sshKnownHosts.patch
Thank you for the reminder, I pinged Honza to continue reviewing the latest version of sssd-devel. It's also fine to ping us on the mailing list in case the reply stalls (which might happen sometimes, sorry..)
I'm putting this ticket to 1.12.1 for now, I think that's when the work can land just fine. If the patch is not ready by then, we just push the patch further.
milestone: NEEDS_TRIAGE => SSSD 1.12.1
Fields changed
design: => N/A none needed, patch is available
rhbz: => todo
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1137012
rhbz: todo => [https://bugzilla.redhat.com/show_bug.cgi?id=1137012 1137012]
resolution: => fixed status: new => closed
Metadata Update from @firstyear: - Issue set to the milestone: SSSD 1.12.1
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3400
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.