diff options
| author | Martin Babinsky <mbabinsk@redhat.com> | 2015-03-31 10:02:52 +0200 |
|---|---|---|
| committer | Petr Vobornik <pvoborni@redhat.com> | 2015-05-07 16:00:00 +0200 |
| commit | 059a4c188760ec7360ccb68a5c8a292afb21d35e (patch) | |
| tree | aa996a39a2543032f1164c90397f2e05679f9a97 | |
| parent | 83e2552cdd99e67415148c0a7a317f3e3c45b831 (diff) | |
| download | freeipa-059a4c188760ec7360ccb68a5c8a292afb21d35e.tar.gz freeipa-059a4c188760ec7360ccb68a5c8a292afb21d35e.tar.xz freeipa-059a4c188760ec7360ccb68a5c8a292afb21d35e.zip | |
ipa-server-install: deprecate manual setting of master KDC password
Option '-P' was used in older version of FreeIPA to set up KDC master password
during server install. This is no longer neccessary or desirable since the
password of sufficient strength can be generated automatically during
installation.
https://fedorahosted.org/freeipa/ticket/4516
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
| -rwxr-xr-x | install/tools/ipa-server-install | 8 | ||||
| -rw-r--r-- | install/tools/man/ipa-server-install.1 | 8 |
2 files changed, 12 insertions, 4 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 1fe5bd9ea..c74d15f8f 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -167,7 +167,7 @@ def parse_options(): sensitive=True, help="Directory Manager password") basic_group.add_option("-P", "--master-password", dest="master_password", sensitive=True, - help="kerberos master password (normally autogenerated)") + help=SUPPRESS_HELP) basic_group.add_option("-a", "--admin-password", sensitive=True, dest="admin_password", help="admin user kerberos password") @@ -698,6 +698,12 @@ def main(): signal.signal(signal.SIGTERM, signal_handler) signal.signal(signal.SIGINT, signal_handler) + if options.master_password: + msg = ("WARNING:\noption '-P/--master-password' is deprecated. " + "KDC master password of sufficient strength is autogenerated " + "during IPA server installation and should not be set " + "manually.") + print textwrap.fill(msg, width=79, replace_whitespace=False) if options.uninstall: uninstalling = True standard_logging_setup(paths.IPASERVER_UNINSTALL_LOG, debug=options.debug) diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index e5224b110..1eaed7211 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -36,9 +36,6 @@ Your DNS domain name \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR The password to be used by the Directory Server for the Directory Manager user .TP -\fB\-P\fR \fIMASTER_PASSWORD\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR -The kerberos master password (normally autogenerated) -.TP \fB\-a\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR The password for the IPA admin user .TP @@ -176,6 +173,11 @@ Uninstall an existing IPA installation \fB\-U\fR, \fB\-\-unattended\fR An unattended uninstallation that will never prompt for user input +.SH "DEPRECATED OPTIONS" +.TP +\fB\-P\fR \fIMASTER_PASSWORD\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR +The kerberos master password (normally autogenerated). + .SH "EXIT STATUS" 0 if the (un)installation was successful |