diff options
| -rw-r--r-- | ipa-client/man/Makefile.am | 3 | ||||
| -rw-r--r-- | ipa-client/man/ipa-join.1 | 60 | ||||
| -rw-r--r-- | ipa.spec.in | 1 |
3 files changed, 63 insertions, 1 deletions
diff --git a/ipa-client/man/Makefile.am b/ipa-client/man/Makefile.am index 7d0a3aa43..eee7144c1 100644 --- a/ipa-client/man/Makefile.am +++ b/ipa-client/man/Makefile.am @@ -6,7 +6,8 @@ NULL = man_MANS = \ ipa-getkeytab.1 \ - ipa-client-install.1 + ipa-client-install.1 \ + ipa-join.1 install-data-hook: @for i in $(man_MANS) ; do gzip -f $(DESTDIR)$(man1dir)/$$i ; done diff --git a/ipa-client/man/ipa-join.1 b/ipa-client/man/ipa-join.1 new file mode 100644 index 000000000..d4a143375 --- /dev/null +++ b/ipa-client/man/ipa-join.1 @@ -0,0 +1,60 @@ +.\" A man page for ipa-join +.\" Copyright (C) 2009 Red Hat, Inc. +.\" +.\" This is free software; you can redistribute it and/or modify it under +.\" the terms of the GNU Library General Public License as published by +.\" the Free Software Foundation; version 2 only +.\" +.\" This program is distributed in the hope that it will be useful, but +.\" WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +.\" General Public License for more details. +.\" +.\" You should have received a copy of the GNU Library General Public +.\" License along with this program; if not, write to the Free Software +.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +.\" +.\" Author: Rob Crittenden <rcritten@redhat.com> +.\" +.TH "ipa-join" "1" "Oct 8 2009" "freeipa" "" +.SH "NAME" +ipa\-join \- Join a machine to an IPA realm and get a keytab for the host service principal +.SH "SYNOPSIS" +ipa\-join [ \fB\-h\fR hostname ] [ \fB\-k\fR keytab\-file ] [ \fB\-w\fR bulk\-bind\-password ] [ \fB\-d\fR ] [ \fB\-q\fR ] + +.SH "DESCRIPTION" +Joins a host to an IPA realm and retrieves a kerberos \fIkeytab\fR for the host service principal. + +Kerberos keytabs are used for services (like sshd) to perform kerberos authentication. A keytab is a file with one or more secrets (or keys) for a kerberos principal. + +The ipa\-join command will create and retrieve a service principal for host/foo.example.com@EXAMPLE.COM and place it by default into /etc/krb5.keytab. The location can be overridden with the \-k option. + +The IPA server to contact is set in /etc/ipa/default.conf +.SH "OPTIONS" +.TP +\fB\-h hostname\fR +The hostname of this server (FQDN). By default of nodename from uname(2) is used. +.TP +\fB\-k keytab\-file\fR +The keytab file where to append the new key (will be created if it does not exist). Default: /etc/krb5.keytab +.TP +\fB\-q\fR +Quiet mode. Only errors are displayed. +.TP +\fB\-d\fR +Debug mode. +.SH "EXAMPLES" +Join IPA domain and retrieve a keytab with kerberos credentials. + + # kinit admin + # ipa\-join + +Join IPA domain and retrieve a keytab using a one\-time password. + + # ipa\-join \-w secret123 + +Join IPA domain and save the keytab in another location. + + # ipa\-join \-k /tmp/host.keytab +.SH "EXIT STATUS" +The exit status is 0 on success, nonzero on error. diff --git a/ipa.spec.in b/ipa.spec.in index f29356888..1a8f33ccf 100644 --- a/ipa.spec.in +++ b/ipa.spec.in @@ -398,6 +398,7 @@ fi %{python_sitelib}/ipaclient/*.py* %{_mandir}/man1/ipa-getkeytab.1.gz %{_mandir}/man1/ipa-client-install.1.gz +%{_mandir}/man1/ipa-join.1.gz %files admintools %doc LICENSE README |