author | Tomas Babej <tbabej@redhat.com> | 2013-03-18 11:06:22 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-03-25 10:53:25 +0100 |
commit | a7ccc198a731d0e48319a73bcb2dd98c34de262a (patch) | |
tree | c48c5980b4d27c41e155aef401538da8b59ec9bf | |
parent | 322458b5b2f80e179ef43b904c2665254c0a3763 (diff) | |
Allow host re-enrollment using delegation
A new option --force-join has been added to ipa-client-install.
It forces the host enrollment even if the host entry exists.
The old certificate is revoked, and a new certificate and SSH key pair are
generated. See the relevant design for the re-enrollment part:
http://freeipa.org/page/V3/Forced_client_re-enrollment
https://fedorahosted.org/freeipa/ticket/3482
-rwxr-xr-x | ipa-client/ipa-install/ipa-client-install | 5 | ||||
-rw-r--r-- | ipa-client/man/ipa-client-install.1 | 5 |
2 files changed, 9 insertions, 1 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index f1b2c1887..6be4a9013 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -111,6 +111,9 @@ def parse_options():
 help="The hostname of this machine (FQDN). If specified, the hostname will be set and "
 "the system configuration will be updated to persist over reboot. "
 "By default a nodename result from uname(2) is used.")
+ basic_group.add_option("", "--force-join", dest="force_join",
+ action="store_true", default=False,
+ help="Force client enrollment even if already enrolled")
 basic_group.add_option("--ntp-server", dest="ntp_server", help="ntp server to use")
 basic_group.add_option("-N", "--no-ntp", action="store_false",
 help="do not configure ntp", default=True, dest="conf_ntp")
@@ -1989,6 +1992,8 @@ def install(options, env, fstore, statestore):
 if options.hostname:
 join_args.append("-h")
 join_args.append(options.hostname)
+ if options.force_join:
+ join_args.append("-f")
 if options.principal is not None:
 stdin = None
 principal = options.principal
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index 8a77a113a..d98318eed 100644
--- a/ipa-client/man/ipa-client-install.1
+++ b/ipa-client/man/ipa-client-install.1
@@ -77,7 +77,7 @@ Password for joining a machine to the IPA realm. Assumes bulk password unless pr
 Prompt for the password for joining a machine to the IPA realm.
 .TP
 \fB\-k\fR, \fB\-\-keytab\fR
-Path to backed up host keytab from previous enrollment.
+Path to backed up host keytab from previous enrollment. Joins the host even if it is already enrolled.
 .TP
 \fB\-\-mkhomedir\fR
 Configure PAM to create a users home directory if it does not exist.
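Review bot: The help string on the new `--force-join` option in parse_options() understates what the flag does: per the commit description a forced join revokes the host's old certificate and generates a new certificate and SSH key pair, but the help only says enrollment is forced. I would spell that out, e.g. `help="Force client enrollment even if already enrolled; the old host certificate is revoked and new keys are generated"`. The leading `""` option string also looks redundant next to the neighbouring `add_option("--ntp-server", ...)` call and could be dropped, assuming the parser ignores empty option strings the way optparse does. parse_options() starts and ends outside this hunk.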
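Review bot: Nothing records that a forced re-enrollment was requested when `-f` is appended to `join_args` in install(); the branch changes what the join does to an existing host entry but leaves no trace in the installer's output. Since the commit description says the old certificate is revoked, I would log the decision next to the append, for example an info-level message such as `"Forced re-enrollment requested: existing host credentials will be replaced"` through whatever logger install() already uses. A short comment above the branch, `# -f: join even if a host entry already exists (see --force-join)`, would also tie the flag to the option. install() starts and ends outside this hunk, so how `join_args` is consumed is not visible here.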
@@ -85,6 +85,9 @@ Configure PAM to create a users home directory if it does not exist.
 \fB\-\-hostname\fR
 The hostname of this machine (FQDN). If specified, the hostname will be set and the system configuration will be updated to persist over reboot. By default a nodename result from uname(2) is used.
 .TP
+\fB\-\-force\-join\fR
+Join the host even if it is already enrolled.
+.TP
 \fB\-\-ntp\-server\fR=\fINTP_SERVER\fR
 Configure ntpd to use this NTP server.
 .TP
|