path: root/ipa-client/man
diff options
authorSimo Sorce <>2008-03-05 14:54:13 -0500
committerSimo Sorce <>2008-03-05 14:54:13 -0500
commitc2d3a9343f96506dedb1fdfbe28a6dc4f0b44919 (patch)
treeaef7291aedace5a8588fc30f8843685735c81693 /ipa-client/man
parent7fd656477a84b2677925ef5b379fa2e4793d4d48 (diff)
Add --quiet option to ipa-getkeytab
Return message on success Avoid SASL output from being printed Make sure the man page is up to date
Diffstat (limited to 'ipa-client/man')
1 files changed, 21 insertions, 7 deletions
diff --git a/ipa-client/man/ipa-getkeytab.1 b/ipa-client/man/ipa-getkeytab.1
index 3ca1b45..2971091 100644
--- a/ipa-client/man/ipa-getkeytab.1
+++ b/ipa-client/man/ipa-getkeytab.1
@@ -15,16 +15,16 @@
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\" Author: Karl MacMillan <>
+.\" Author: Simo Sorce <>
.TH "ipa-getkeytab" "1" "Oct 10 2007" "freeipa" ""
ipa\-getkeytab \- Get a keytab for a kerberos principal
-ipa\-getkeytab [\fI-a\fR] \fIprincipal-name\fR \fIfile-name\fR
+ipa\-getkeytab <\fI-s ipaserver\fR> <\fI-p principal-name\fR> <\fI-k keytab-file\fR> [\fI-e encryption-types\fR] [\fI-q\fR]
-Retrieves a kerberos \fIkeytab\fR and optionally adds a
-service \fIprincipal\fR.
+Retrieves a kerberos \fIkeytab\fR.
Kerberos keytabs are used for services (like sshd) to
perform kerberos authentication. A keytab is a file
@@ -41,7 +41,7 @@ is an example principal for an ldap server:
When using ipa-getkeytab the realm name is already
provided, so the principal name is just the service
-name and hostname (ldap/ from the
+name and hostname (ldap/ from the
example above).
\fBWARNING:\fR retrieving the keytab resets the secret
@@ -49,15 +49,29 @@ rendering all other keytabs for that principal invalid.
-Add the service principal in addition to getting the keytab
+\fB\-s ipaserver\fR
+The IPA Server to retrieve the keytab from (FQDN).
+\fB\-p principal-name\fR
+The non realm part of the full principal name.
+\fB\-k keytab-file\fR
+The keytab file where to append the new key (will be
+created if not existing).
+\fB\-e encryption-types\fR
+The list of encryption types to use to generate keys.
+ipa-getkeytab will use local client defaults if not provided.
+Keep quiet.
Add and retrieve a keytab for the ldap service principal on
the host and save it in the file ldap.keytab.
- # ipa-getkeytab -a ldap/ ldap.keytab
+ # ipa-getkeytab -s -p nfs/ -k /tmp/ldap.keytab -e des-cbc-crc
The exit status is 0 on success, nonzero on error.