Description Stefan Gohmann 2016-06-02 08:15:30 CEST

univention-system-activation now reconfigures the univention-pam packages. Some UCR variables for the SSH access are set in the univention-pam join script:

 if is_domain_controller; then
     univention-config-registry set \
         auth/sshd/restrict?"yes" \
         "auth/sshd/group/Domain Admins?yes" \
         auth/sshd/group/Computers?"yes" \
         "auth/sshd/group/DC Slave Hosts?yes" \
         "auth/sshd/group/DC Backup Hosts?yes" \
         auth/sshd/group/Administrators?"yes" \
         auth/sshd/user/root?"yes"
 fi

The system-activation must set the same settings. It might be the best to move this part to a extra script where it can be called from the system activation and the join script.

Once, it has been fixed and released, the hotfix part of r69738 can be removed.