| Summary: | ipav2beta1 doc - admin guide for client - update "Configuring Client SSH Access" chapters | |||
|---|---|---|---|---|
| Product: | [Retired] freeIPA | Reporter: | Marc Sauton <msauton> | |
| Component: | Documentation | Assignee: | David O'Brien <daobrien> | |
| Status: | CLOSED DUPLICATE | QA Contact: | Chandrasekar Kannan <ckannan> | |
| Severity: | medium | Docs Contact: | ||
| Priority: | low | |||
| Version: | 2.0 | CC: | benl, dpal, jgalipea | |
| Target Milestone: | --- | |||
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | Bug Fix | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 670353 (view as bug list) | Environment: | ||
| Last Closed: | 2011-01-31 00:21:51 UTC | Type: | --- | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Bug Depends On: | ||||
| Bug Blocks: | 670353 | |||
Opened and addressed in RHEL. Closing this. *** This bug has been marked as a duplicate of bug 670353 *** |
Description of problem: ipav2beta1 doc - admin guide for client - update "Configuring Client SSH Access" chapters The chapters about SSH configuration have the 1.0 descriptions, and need an update to remove the no longer necessary steps 2 for kinit, 3 for ipa service-add, and 4 for ipa-getkeytab, to reflect the newer transparent usage of /usr/sbin/ipa-join by ipa-client-install, at least for the Fedora and RHEL clients, in: 8.1.1.7. Configuring Client SSH Access 8.2.7. Configuring Client SSH Access Extra note: there is a difference of the chapter numbering resulting on smaller fonts for the Fedora titles, may be the RHEL and Fedora client description should be nearly the same. Version-Release number of selected component (if applicable): ipa-client-2.0.0.pre1-0.fc14.x86_64 ipa-python-2.0.0.pre1-0.fc14.x86_64 ipa-admintools-2.0.0.pre1-0.fc14.x86_64 ipa-server-selinux-2.0.0.pre1-0.fc14.x86_64 ipa-server-2.0.0.pre1-0.fc14.x86_64 How reproducible: always Steps to Reproduce: 0. have time sync between IPA server and clients 1. on client yum install -y ipa-client ipa-admintools 1.1 on client, verify what is installed: rpm -qa|grep ipa- 2. on client, install IPA client ipa-client-install 2.1 on client, verify IPA client is getent passwd getent passwd testuser1 getent group ipausers 3. test ssh from either IPA client or other system: ssh testuser1.com Actual results: Doc: " Procedure 8.8. To configure a Fedora IPA client for incoming SSH connections: 1. The IPA client installation process configures the NTP service by default, but you should ensure that time on the IPA client and server is synchronized. If it is not, run the following commands on the IPA client: # service ntpd stop # ntpdate -s -p 8 -u ipaserver.example.com # service ntpd start Note The ntpdate command does not work if ntpd is running. 2. Obtain a Kerberos ticket for the admin user. # kinit admin 3. Add a host service principal on the IPA client. # ipa service-add host/ipaclient.example.com 4. Retrieve the keytab. # ipa-getkeytab -s ipaserver.example.com -p host/ipaclient.example.com -k /etc/krb5.keytab The IPA client should now be fully configured to accept incoming SSH connections and authenticate with the user's Kerberos credentials. Use the following command on another machine to test the configuration. This should succeed without asking for a password. # ssh admin.com " Expected results: Additional info: