Issue #2394: Add SSHFP update policy for existing zones - freeipa

freeipa

#2394 Add SSHFP update policy for existing zones

Closed: Fixed None Opened 12 years ago by mkosek.

Ticket #754 added a support for SSH public keys and also an ability to automatically update client machine ssh keys during ipa-client-install.

However, if you update FreeIPA server with DNS support, it won't update the DNS zone update policy for current zones. Thus, only A and AAAA record updates are allowed and ipa-client-install always fails to update SSHFP records in such zones.

dpal commented 12 years ago

It works on the new install but fails on upgrade.

mkosek commented 12 years ago

Note for myself: we need to create a "how to test" procedure, its not that straightforward.

mkosek commented 12 years ago

#1211 (on review) contains a plugin for dnszone modifications, we can reuse that one.

mkosek commented 12 years ago

attachment
freeipa-mkosek-224-add-sshfp-update-policy-for-existing-zones.patch

mkosek commented 12 years ago

Patch freeipa-mkosek-224-add-sshfp-update-policy-for-existing-zones.patch sent for review

mkosek commented 12 years ago

master: 7fe63f8[[BR]]
ipa-2-2: e0dae21

Metadata Update from @mkosek:
- Issue assigned to mkosek
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/02

7 years ago

Metadata

Assignee

mkosek

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 2.2 Core Effort - 2012/02

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

754, 1211

test_case

None

component

DNS

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#2394 Add SSHFP update policy for existing zones Closed: Fixed None Opened 12 years ago by mkosek.

Metadata

#2394 Add SSHFP update policy for existing zones

Closed: Fixed None Opened 12 years ago by mkosek.