summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMartin Kosek <mkosek@redhat.com>2011-09-05 12:34:43 +0200
committerMartin Kosek <mkosek@redhat.com>2011-09-07 12:59:29 +0200
commit95beb84464b59813c050aa87fb39aea5a0bf6c39 (patch)
treef1c3754cf0327b68a5b7101621cc4cf78d6c48f0
parentdc3d0f387918b3de2f8e7898408e04e11cc30363 (diff)
downloadfreeipa-95beb84464b59813c050aa87fb39aea5a0bf6c39.tar.gz
freeipa-95beb84464b59813c050aa87fb39aea5a0bf6c39.tar.xz
freeipa-95beb84464b59813c050aa87fb39aea5a0bf6c39.zip
Improve ipa-join man page
Make it clear in man pages that ipa-join -u does not remove keytab. https://fedorahosted.org/freeipa/ticket/1317
-rw-r--r--ipa-client/man/ipa-join.113
1 files changed, 12 insertions, 1 deletions
diff --git a/ipa-client/man/ipa-join.1 b/ipa-client/man/ipa-join.1
index d1532ec62..60facdfa9 100644
--- a/ipa-client/man/ipa-join.1
+++ b/ipa-client/man/ipa-join.1
@@ -42,6 +42,11 @@ If a client host has already been joined to the IPA realm the ipa\-join command
This command is normally executed by the ipa\-client\-install command as part of the enrollment process.
The reverse is unenrollment. Unenrolling a host removes the Kerberos key on the IPA server. This prepares the host to be re\-enrolled. This uses the host principal stored in /etc/krb5.conf to authenticate to the IPA server to perform the unenrollment.
+
+Please note, that while the ipa\-join option removes the client from the domain, it does not actually uninstall the client or properly remove all of the IPA\-related configuration. The only way to uninstall a client completely is to use ipa\-client\-install \-\-uninstall
+(see
+.BR ipa\-client\-install (1)).
+
.SH "OPTIONS"
.TP
\fB\-h,\-\-hostname hostname\fR
@@ -57,7 +62,9 @@ The keytab file where to append the new key (will be created if it does not exis
The password to use if not using Kerberos to authenticate. Use a password of this particular host (one time password created on IPA server)
.TP
\fB\-u,\-\-unenroll\fR
-Unenroll this host from the IPA server
+Unenroll this host from the IPA server. No keytab entry is removed in the process
+(see
+.BR ipa-rmkeytab (1)).
.TP
\fB\-q,\-\-quiet\fR
Quiet mode. Only errors are displayed.
@@ -123,3 +130,7 @@ The exit status is 0 on success, nonzero on error.
20 Unenrollment result not in XML\-RPC response
21 Failed to get default Kerberos realm
+
+.SH "SEE ALSO"
+.BR ipa-rmkeytab (1)
+.BR ipa-client-instal (1)