On Wed, Mar 23, 2016 at 1:46 PM, Fabrice Bacchella
<fabrice.bacche...@orange.fr> wrote:
>
>> Le 23 mars 2016 à 12:28, Yedidyah Bar David <d...@redhat.com> a écrit :
>>
>> On Wed, Mar 23, 2016 at 1:04 PM, Fabrice Bacchella
>> <fabrice.bacche...@orange.fr> wrote:
>>> I'm reading the documentation here :
>>> http://www.ovirt.org/documentation/admin-guide/serial-console-setup/
>>>
>>> After a few strace, I found the ssh configuration used for the custom ssh
>>> that listen on port 2222:
>>> /usr/share/ovirt-vmconsole/ovirt-vmconsole-proxy/ovirt-vmconsole-proxy-sshd/sshd_config
>>>
>>> And I have a big problem with it.
>>> It says "GSSAPIAuthentication no" but public key authentication is not
>>> allowed in my data center, we use kerberos every where.
>>> So I wonder if I can edit this file ? How is it managed by ovirt ?
>>
>> In general, things under /usr are only packaged, not "managed". So a
>> next upgrade will overwrite your changes.
>
> Ok, so I just need to take care how modifications and upgrade are done (using
> puppet) and everything should be fine.
But isn't the below enough?
>>
>> Seems like both its systemd unit and sysv init script read
>> /etc/sysconfig/ovirt-vmconsole-proxy-sshd if it exists and add
>> ${OPTIONS} to sshd's command line. So you can try to:
>>
>> echo 'OPTIONS="-o GSSAPIAuthentication=yes"' >>
>> /etc/sysconfig/ovirt-vmconsole-proxy-sshd
>>
>>
>
> I tried that. It works. I now have pure kerberos only problems. But that's a
> good direction.
Good.
So that should be enough, no? IIRC command-line options override conf
file in sshd, no need to play games with rpm/yum.
Thanks for the report.
Best,
--
Didi
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
