authorTomas Babej <tbabej@redhat.com>2013-02-26 13:20:13 +0100
committerMartin Kosek <mkosek@redhat.com>2013-03-12 15:13:09 +0100
commita38d93f65f87db1a0b9c34eb0ba1b6d9dca9e060 (patch)
treeec23e5b48b21c7453e281b7a397ae4b8dfdf254c /ipa-client/ipa-join.c
parent91606e6679f3a18b1c1789efd240eed982a563d4 (diff)
Add support for re-enrolling hosts using keytab
A host that has been recreated and does not have its host entry disabled or removed can be re-enrolled using a previously backed up keytab file. A new option --keytab has been added to ipa-client-install. This can be used to specify the path to the keytab and can be used instead of -p or -w options. A new option -f has been added to ipa-join. It forces the client to join even if the host entry already exists. A new certificate and SSH keys are generated; ipaUniqueID stays the same. Design page: http://freeipa.org/page/V3/Client_install_using_keytab https://fedorahosted.org/freeipa/ticket/3374
Diffstat (limited to 'ipa-client/ipa-join.c')
-rw-r--r--ipa-client/ipa-join.c14
1 files changed, 9 insertions, 5 deletions
diff --git a/ipa-client/ipa-join.c b/ipa-client/ipa-join.c
index 8369e360f..df33d3b08 100644
--- a/ipa-client/ipa-join.c
+++ b/ipa-client/ipa-join.c
@@ -558,7 +558,7 @@ done:
}
static int
-join_krb5(const char *ipaserver, char *hostname, char **hostdn, const char **princ, const char **subject, int quiet) {
+join_krb5(const char *ipaserver, char *hostname, char **hostdn, const char **princ, const char **subject, int force, int quiet) {
xmlrpc_env env;
xmlrpc_value * argArrayP = NULL;
xmlrpc_value * paramArrayP = NULL;
@@ -663,7 +663,7 @@ join_krb5(const char *ipaserver, char *hostname, char **hostdn, const char **pri
goto cleanup;
}
xmlrpc_struct_find_value(&env, structP, "krblastpwdchange", &krblastpwdchangeP);
- if (krblastpwdchangeP) {
+ if (krblastpwdchangeP && !force) {
xmlrpc_value * singleprincP = NULL;
/* FIXME: all values are returned as lists currently. Once this is
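Review bot: The `!force` term in `if (krblastpwdchangeP && !force)` switches off what appears to be the client's already-enrolled check, and nothing at the condition says where the decision to allow a re-join is made instead. Since `-f` is a local flag that anyone running ipa-join can set, this check cannot serve as the authorization boundary; whether the caller may replace the host's existing keys has to be decided by the server from the credentials presented. I would record that at the condition, for example `/* force: skips only the client-side "already joined" check; the server still decides whether this principal may re-enroll the host */`. The body of the `if` and the rest of join_krb5 lie outside the hunk, so what exactly is skipped is inferred from the option's help text.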
@@ -929,7 +929,7 @@ cleanup:
static int
-join(const char *server, const char *hostname, const char *bindpw, const char *basedn, const char *keytab, int quiet)
+join(const char *server, const char *hostname, const char *bindpw, const char *basedn, const char *keytab, int force, int quiet)
{
int rval = 0;
pid_t childpid = 0;
@@ -1003,7 +1003,8 @@ join(const char *server, const char *hostname, const char *bindpw, const char *b
rval = 6;
goto cleanup;
}
- rval = join_krb5(ipaserver, host, &hostdn, &princ, &subject, quiet);
+ rval = join_krb5(ipaserver, host, &hostdn, &princ, &subject, force,
+ quiet);
}
if (rval) goto cleanup;
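Review bot: `force` is handed only to join_krb5 in this call, so on the other branch of the enclosing conditional (not visible in this hunk, presumably the bind-password join) the new `-f` option would be accepted and then silently ignored. If that is intended, main should reject or warn on the combination so an operator is not left believing a forced re-enrolment took place, e.g. `if (force && bindpw) { /* report that -f applies to Kerberos joins only and exit */ }`. Otherwise `force` should be passed to the other join function as well. The enclosing if/else begins outside the hunk.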
@@ -1100,6 +1101,7 @@ main(int argc, const char **argv) {
static const char *basedn = NULL;
int quiet = 0;
int unenroll = 0;
+ int force = 0;
struct poptOption options[] = {
{ "debug", 'd', POPT_ARG_NONE, &debug, 0,
_("Print the raw XML-RPC output in GSSAPI mode"), NULL },
@@ -1113,6 +1115,8 @@ main(int argc, const char **argv) {
_("IPA Server to use"), _("hostname") },
{ "keytab", 'k', POPT_ARG_STRING, &keytab, 0,
_("Specifies where to store keytab information."), _("filename") },
+ { "force", 'f', POPT_ARG_NONE, &force, 0,
+ _("Force the host join. Rejoin even if already joined."), NULL },
{ "bindpw", 'w', POPT_ARG_STRING, &bindpw, 0,
_("LDAP password (if not using Kerberos)"), _("password") },
{ "basedn", 'b', POPT_ARG_STRING, &basedn, 0,
@@ -1149,7 +1153,7 @@ main(int argc, const char **argv) {
} else {
ret = check_perms(keytab);
if (ret == 0)
- ret = join(server, hostname, bindpw, basedn, keytab, quiet);
+ ret = join(server, hostname, bindpw, basedn, keytab, force, quiet);
}
exit(ret);