author Tomas Babej <tbabej@redhat.com> 2013-08-02 17:06:29 +0200
committer Martin Kosek <mkosek@redhat.com> 2013-08-06 12:31:16 +0200
commit 3bb6d3830868a50066569b55158fbba1f36654fd (patch)
tree 1c49be66724bcbffe829c1411f6d49b13507e9d4 /ipa-client/man
parent 8122d74596457530ce794916bafb1c7fcdb56ada (diff)
Improve help entry for ipa host
Updates old information produced by the ipa help host command. Also adds a section to ipa-client-install manpage about client re-enrollment.

https://fedorahosted.org/freeipa/ticket/3820
Diffstat (limited to 'ipa-client/man')
-rw-r--r-- ipa-client/man/ipa-client-install.1 25
1 files changed, 25 insertions, 0 deletions
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index d98318eed..bb19041b1 100644
--- a/ipa-client/man/ipa-client-install.1
+++ b/ipa-client/man/ipa-client-install.1
@@ -52,6 +52,31 @@ Other directory servers deployed in the network (e.g. Microsoft Active Directory
In order to avoid the aforementioned DNS autodiscovery issues, the client machine hostname should be in a domain with properly defined DNS SRV records pointing to IPA servers, either manually with a custom DNS server or with IPA DNS integrated solution. A second approach would be to avoid autodiscovery and configure the installer to use a fixed list of IPA server hostnames using the \-\-server option and with a \-\-fixed\-primary option disabling DNS SRV record autodiscovery in SSSD.
+.SS "Re\-enrollment of the host"
+Requirements:
+
+1. Host has not been un\-enrolled (the ipa\-client\-install \-\-uninstall command has not been run).
+.br
+2. The host entry has not been disabled via the ipa host\-disable command.
+
+If this has been the case, host can be re\-enrolled using the usual methods.
+
+There are two method of authenticating a re\-enrollment:
+
+1. You can use \-\-force\-join option with ipa\-client\-install command. This authenticates the re\-enrollment using the admin's credetials provided via the \-w/\-\-password option.
+.br
+2. If providing the admin's password via the command line is not an option (e.g you want to create a script to re\-enroll a host and keep the admin's password secure), you can use backed up keytab from the previous enrollment of this host to authenticate. See \-\-keytab option.
+
+Consenquences of the re\-enrollment on the host entry:
+
+1. A new host certificate is issued
+.br
+2. The old host certificate is revoked
+.br
+3. New SSH keys are generated
+.br
+4. ipaUniqueID is preserved
+
.SH "OPTIONS"
.SS "BASIC OPTIONS"
.TP
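Review bot: The sentence "If this has been the case, host can be re\-enrolled using the usual methods." under Requirements has no clear antecedent, because both requirements are stated as negatives ("has not been un\-enrolled", "has not been disabled"). A reader cannot tell whether "this" means the requirements are met or violated. If the intent is that an un-enrolled or disabled host falls back to a normal enrollment, say so directly, for example "If either requirement is not met, enroll the host again using the usual methods." In the authentication list, item 2 treats the backed up keytab as a stand-in for the admin's password, so the page should state that the backup is itself a credential for this host and has to be stored with the same care; as written it only says "See \-\-keytab option." Spelling in the added lines also needs a pass: "two method" should be "two methods", "credetials" should be "credentials", "e.g you" is missing the period after "e.g", and "Consenquences" should be "Consequences". Items 1 and 2 of the last list are complete sentences like the rest of the section, so add the missing article in "you can use backed up keytab" and keep the punctuation consistent across the numbered lists (some items end with a period, the consequences list does not).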