When running
{{{
ipa-client-install --ssh-trust-dns
}}}
it effectively prevents the
{{{
GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
}}}
from being configured in {{{/etc/ssh/ssh_config}}}. The ipa-client-install man page could be amended to be clear about it, or the behaviour could be changed to always configure both (unless {{{--no-ssh}}} is used).
I have been thinking about this for a while now and IMO the behavior should be changed so that VerifyHostKeyDNS is set in addition to ProxyCommand and GlobalKnownHostsFile, not instead of them.
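The following checker is an added example, not part of the ticket or of FreeIPA's code: it reports which host-key verification sources an ssh_config enables, so the state described in the report (DNS only) can be told apart from the proposed one (DNS plus the SSSD proxy and known_hosts file). The function names, the result labels and both sample configs are constructed for illustration, and `VerifyHostKeyDNS yes` is assumed to be what `--ssh-trust-dns` writes.

```python
import re

# Directives discussed in this ticket (ssh_config keywords are case-insensitive).
WANTED = ("verifyhostkeydns", "globalknownhostsfile", "proxycommand")

def first_values(ssh_config_text):
    """Return {keyword: value} for the first occurrence of each wanted keyword.

    ssh_config uses the first value obtained for a parameter, so later
    duplicates are ignored. Simplification: Host/Match scoping is not
    evaluated; every block is treated as if it applied.
    """
    found = {}
    for raw in ssh_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or an optional "=".
        m = re.match(r"([A-Za-z]+)\s*(?:=\s*|\s+)(.*)$", line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key in WANTED and key not in found:
            found[key] = value
    return found

def classify(ssh_config_text):
    """Label the config: 'dns+sssd', 'dns-only', 'sssd-only' or 'none'."""
    v = first_values(ssh_config_text)
    # Only "yes" trusts SSHFP records outright; "ask" still prompts the user.
    dns = v.get("verifyhostkeydns", "no").lower() == "yes"
    sssd = ("globalknownhostsfile" in v
            and "sss_ssh_knownhostsproxy" in v.get("proxycommand", ""))
    if dns and sssd:
        return "dns+sssd"
    return "dns-only" if dns else "sssd-only" if sssd else "none"

# Constructed sample: the state the ticket reports after --ssh-trust-dns.
DNS_ONLY = "# constructed sample\nVerifyHostKeyDNS yes\n"

# Constructed sample: the behaviour proposed in the ticket (all three set).
BOTH = DNS_ONLY + (
    "GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n"
    "ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
)

if __name__ == "__main__":
    for name, text in (("DNS_ONLY", DNS_ONLY), ("BOTH", BOTH)):
        print(name, "->", classify(text))
```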
Changing component as per Jan's reply.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=973766
master: 736dd0f[[BR]] ipa-3-2: 9e5ce4f
Metadata Update from @adelton: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 3.2.x - 2013/06 (bug fixing)