Bug 839625 - Configuring_an_IPA_Client_on_AIX instructs to configure sshd with 'GSSAPITrustDNS' which causes sshd to no longer start
Configuring_an_IPA_Client_on_AIX instructs to configure sshd with 'GSSAPITrus...
Status: CLOSED WONTFIX
Product: Fedora Documentation
Classification: Fedora
Component: freeipa-guide (Show other bugs)
devel
All Linux
medium Severity medium
: ---
: ---
Assigned To: Martin Kosek
Fedora Documentation Project
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-07-12 09:01 EDT by Christian Horn
Modified: 2014-10-15 06:55 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-10-15 06:55:06 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Christian Horn 2012-07-12 09:01:13 EDT
Description of problem:
http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_AIX.html
instructs to set 'GSSAPITrustDNS no' in /etc/ssh/sshd_config .

Version-Release number of selected component (if applicable):
   current / fedora [15|16|17] instructions

How reproducible:
   always

Steps to Reproduce:
1. access webpage
2. implement change
3. try to start sshd
  
Actual results:
sshd no longer starts

Expected results:
sshd should start

Additional info:
- GSSAPITrustDNS is a ssh client option
- its not mentioned in the manpage but recognized
- http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Kerberos_Errors.html mentions it as client option
- http://freeipa.com/page/ConfiguringAixClients looks like the most current howto and does not mention the option at all. I think just removing the option from the webpage is the most simple way to resolve this (recheck whole howto with an AIX client for bonus)
Comment 1 Deon Ballard 2013-06-25 15:33:14 EDT
Kicking FreeIPA doc bugs over to Martin.
Comment 2 Martin Kosek 2014-10-15 06:55:06 EDT
FreeIPA upstream project no longer actively maintains an upstream guide (details in www.freeipa.org/page/Upstream_User_Guide). The only actively maintained user information is therefore upstream community wiki (FreeIPA.org) and RHEL downstream user guides (http://www.freeipa.org/page/Documentation#User_Guides).

Please file upstream tickets or RHEL documentation Bugzillas to request additional fixes or enhancements in these guides. Thank you and sorry for any inconvenience.

Note You need to log in before you can comment on or make changes to this bug.