diff options
| author | Rob Crittenden <rcritten@redhat.com> | 2010-05-05 14:52:39 -0400 |
|---|---|---|
| committer | Jason Gerard DeRose <jderose@redhat.com> | 2010-05-06 09:05:30 -0600 |
| commit | 83cb7e75b8d6ff031f2f731b0b194fc562ad56b0 (patch) | |
| tree | a788fb612f118260b0f952cb080b4b289a287f23 /ipa-client/man | |
| parent | c2f89941edac3873484f24ca8595a50cdcbc68b6 (diff) | |
| download | freeipa-83cb7e75b8d6ff031f2f731b0b194fc562ad56b0.tar.gz freeipa-83cb7e75b8d6ff031f2f731b0b194fc562ad56b0.tar.xz freeipa-83cb7e75b8d6ff031f2f731b0b194fc562ad56b0.zip | |
Call certmonger after krb5, avoid uninstall errors, better password handling.
- Move the ipa-getcert request to after we set up /etc/krb5.conf
- Don't try removing certificates that don't exist
- Don't tell certmonger to stop tracking a cert that doesn't exist
- Allow --password/-w to be the kerberos password
- Print an error if prompting for a password would happen in unattended mode
- Still support echoing a password in when in unattended mode
Diffstat (limited to 'ipa-client/man')
| -rw-r--r-- | ipa-client/man/ipa-client-install.1 | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1 index 9eb0b39d9..4a1fcb543 100644 --- a/ipa-client/man/ipa-client-install.1 +++ b/ipa-client/man/ipa-client-install.1 @@ -50,26 +50,30 @@ Unattended installation. The user will not be prompted. \fB\-N\fR, \fB\-\-no\-ntp\fR Do not configure or enable NTP. .TP +\fB\-\-ntp-server\fR=\fINTP_SERVER\fR +Configure ntpd to use this NTP server. +Do not configure or enable NTP. +.TP \fB\-S\fR, \fB\-\-no\-sssd\fR Do not configure the client to use SSSD for authentication, use nss_ldap instead. .TP \fB\-\-on\-master\fB The client is being configured on an IPA server. .TP -\fB\-w\fR, \fB\-\-password\fR -Password for joining a machine to the IPA realm. +\fB\-w\fR \fIPASSWORD\fR, \fB\-\-password\fR=\fIPASSWORD\fR +Password for joining a machine to the IPA realm. Assumes bulk password unless principal is also set. .TP \fB\-W\fR Prompt for the password for joining a machine to the IPA realm. .TP \fB\-p\fR, \fB\-\-principal\fR -Principal to use to join the IPA realm. +Authorized kerberos principal to use to join the IPA realm. .TP \fB\-\-permit\fR -Set the SSSD access rules to permit all access. Otherwise the machine will be controlled by the Host-based Access Controls on the IPA server. +Configure SSSD to permit all access. Otherwise the machine will be controlled by the Host-based Access Controls (HBAC) on the IPA server. .TP \fB\-\-mkhomedir\fR -Create a users home directory if it does not exist. +Configure pam to create a users home directory if it does not exist. .TP \fB\-\-uninstall\fR Remove the IPA client software and restore the configuration to the pre-IPA state. |