Bug 839625 - Configuring_an_IPA_Client_on_AIX instructs to configure sshd with 'GSSAPITrustDNS' which causes sshd to no longer start
Summary: Configuring_an_IPA_Client_on_AIX instructs to configure sshd with 'GSSAPITrus...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora Documentation
Classification: Fedora
Component: freeipa-guide
Version: devel
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Martin Kosek
QA Contact: Fedora Documentation Project
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-07-12 13:01 UTC by Christian Horn
Modified: 2018-11-28 19:56 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-10-15 10:55:06 UTC


Attachments (Terms of Use)

Description Christian Horn 2012-07-12 13:01:13 UTC
Description of problem:
http://docs.fedoraproject.org/en-US/Fedora/17/html/FreeIPA_Guide/Configuring_an_IPA_Client_on_AIX.html
instructs to set 'GSSAPITrustDNS no' in /etc/ssh/sshd_config .

Version-Release number of selected component (if applicable):
   current / fedora [15|16|17] instructions

How reproducible:
   always

Steps to Reproduce:
1. access webpage
2. implement change
3. try to start sshd
  
Actual results:
sshd no longer starts

Expected results:
sshd should start

Additional info:
- GSSAPITrustDNS is a ssh client option
- its not mentioned in the manpage but recognized
- http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/Kerberos_Errors.html mentions it as client option
- http://freeipa.com/page/ConfiguringAixClients looks like the most current howto and does not mention the option at all. I think just removing the option from the webpage is the most simple way to resolve this (recheck whole howto with an AIX client for bonus)

Comment 1 Deon Ballard 2013-06-25 19:33:14 UTC
Kicking FreeIPA doc bugs over to Martin.

Comment 2 Martin Kosek 2014-10-15 10:55:06 UTC
FreeIPA upstream project no longer actively maintains an upstream guide (details in www.freeipa.org/page/Upstream_User_Guide). The only actively maintained user information is therefore upstream community wiki (FreeIPA.org) and RHEL downstream user guides (http://www.freeipa.org/page/Documentation#User_Guides).

Please file upstream tickets or RHEL documentation Bugzillas to request additional fixes or enhancements in these guides. Thank you and sorry for any inconvenience.


Note You need to log in before you can comment on or make changes to this bug.