Bug 670351 - ipav2beta1 doc - admin guide for client - update "Configuring Client SSH Access" chapters
Summary: ipav2beta1 doc - admin guide for client - update "Configuring Client SSH Acce...
Keywords:
Status: CLOSED DUPLICATE of bug 670353
Alias: None
Product: freeIPA
Classification: Retired
Component: Documentation
Version: 2.0
Hardware: Unspecified
OS: Unspecified
low
medium
Target Milestone: ---
Assignee: David O'Brien
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 670353
TreeView+ depends on / blocked
 
Reported: 2011-01-17 23:58 UTC by Marc Sauton
Modified: 2015-01-04 23:45 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 670353 (view as bug list)
Environment:
Last Closed: 2011-01-31 00:21:51 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Marc Sauton 2011-01-17 23:58:28 UTC 
Description of problem:

ipav2beta1 doc - admin guide for client - update "Configuring Client SSH Access" chapters 

The chapters about SSH configuration have the 1.0 descriptions, and need an update to remove the no longer necessary steps 2 for kinit, 3 for ipa service-add, and 4 for ipa-getkeytab, to reflect the  newer transparent usage of /usr/sbin/ipa-join by ipa-client-install, at least for the Fedora and RHEL clients, in:
8.1.1.7. Configuring Client SSH Access
8.2.7. Configuring Client SSH Access

Extra note: there is a difference of the chapter numbering resulting on smaller fonts for the Fedora titles, may be the RHEL and Fedora client description should be nearly the same.


Version-Release number of selected component (if applicable):
ipa-client-2.0.0.pre1-0.fc14.x86_64
ipa-python-2.0.0.pre1-0.fc14.x86_64
ipa-admintools-2.0.0.pre1-0.fc14.x86_64
ipa-server-selinux-2.0.0.pre1-0.fc14.x86_64
ipa-server-2.0.0.pre1-0.fc14.x86_64


How reproducible:
always


Steps to Reproduce:

0. have time sync between IPA server and clients

1. on client
yum install -y ipa-client ipa-admintools

1.1 on client, verify what is installed:
rpm -qa|grep ipa-

2. on client, install IPA client
ipa-client-install

2.1 on client, verify IPA client is 
getent passwd
getent passwd testuser1
getent group ipausers

3. test ssh from either IPA client or other system:
ssh testuser1.com

  
Actual results:

Doc:
"
Procedure 8.8. To configure a Fedora IPA client for incoming SSH connections:
   1. The IPA client installation process configures the NTP service by default, but you should ensure that time on the IPA client and server is synchronized. If it is not, run the following commands on the IPA client:
      # service ntpd stop
      # ntpdate -s -p 8 -u ipaserver.example.com
      # service ntpd start
      Note
      The ntpdate command does not work if ntpd is running.
   2. Obtain a Kerberos ticket for the admin user.
      # kinit admin
   3. Add a host service principal on the IPA client.
      # ipa service-add host/ipaclient.example.com
   4. Retrieve the keytab.
      # ipa-getkeytab -s ipaserver.example.com -p host/ipaclient.example.com -k /etc/krb5.keytab 

The IPA client should now be fully configured to accept incoming SSH connections and authenticate with the user's Kerberos credentials. Use the following command on another machine to test the configuration. This should succeed without asking for a password.
# ssh admin.com 
"


Expected results:


Additional info:
Comment 2 David O'Brien 2011-01-31 00:21:51 UTC 
Opened and addressed in RHEL. Closing this.

*** This bug has been marked as a duplicate of bug 670353 ***
Note You need to log in before you can comment on or make changes to this bug.