summaryrefslogtreecommitdiffstats
path: root/install/tools/man/ipa-server-install.1
diff options
context:
space:
mode:
Diffstat (limited to 'install/tools/man/ipa-server-install.1')
-rw-r--r--install/tools/man/ipa-server-install.1112
1 files changed, 62 insertions, 50 deletions
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index 597aa6f..306fceb 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -16,7 +16,7 @@
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
-.TH "ipa-server-install" "1" "Mar 14 2008" "freeipa" ""
+.TH "ipa-server-install" "1" "Sep 5 2011" "FreeIPA" "FreeIPA Manual Pages"
.SH "NAME"
ipa\-server\-install \- Configure an IPA server
.SH "SYNOPSIS"
@@ -24,6 +24,7 @@ ipa\-server\-install [\fIOPTION\fR]...
.SH "DESCRIPTION"
Configures the services needed by an IPA server. This includes setting up a Kerberos Key Distribution Center (KDC) with an LDAP back\-end, configuring Apache, configuring NTP and starting the ipa_kpasswd service provided by IPA. By default a dogtag\-based CA will be configured to issue server certificates.
.SH "OPTIONS"
+.SS "BASIC OPTIONS"
.TP
\fB\-r\fR \fIREALM_NAME\fR, \fB\-\-realm\fR=\fIREALM_NAME\fR
The Kerberos realm name for the IPA server
@@ -40,9 +41,36 @@ The kerberos master password (normally autogenerated)
\fB\-a\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR
The password for the IPA admin user
.TP
+\fB\-\-hostname\fR=\fIHOST_NAME\fR
+The fully\-qualified DNS name of this server
+.TP
+\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
+The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail.
+.TP
+\fB\-N\fR, \fB\-\-no\-ntp\fR
+Do not configure NTP
+.TP
+\fB\-\-idstart\fR=\fIIDSTART\fR
+The starting user and group id number (default random)
+.TP
+\fB\-\-idmax\fR=\fIIDMAX\fR
+The maximum user and group id number (default: idstart+199999). If set to zero, the default value will be used.
+.TP
+\fB\-\-no_hbac_allow\fR
+Don't install allow_all HBAC rule. This rule lets any user from any host access any service on any other host. It is expected that users will remove this rule before moving to production.
+.TP
+\fB\-\-no\-ui\-redirect\fR
+Do not automatically redirect to the Web UI.
+.TP
\fB\-d\fR, \fB\-\-debug\fR
Enable debug logging when more verbose output is needed
.TP
+\fB\-U\fR, \fB\-\-unattended\fR
+An unattended installation that will never prompt for user input
+
+
+.SS "CERTIFICATE SYSTEM OPTIONS"
+.TP
\fB\-\-selfsign\fR
Configure a self\-signed CA instance for issuing server certificates instead of using dogtag for certificates
.TP
@@ -55,11 +83,31 @@ File containing PKCS#10 certificate
\fB\-\-external_ca_file\fR=\fIFILE\fR
File containing PKCS#10 of the external CA chain
.TP
-\fB\-\-hostname\fR=\fIHOST_NAME\fR
-The fully\-qualified DNS name of this server
+\fB\-\-no\-pkinit\fR
+Disables pkinit setup steps
.TP
-\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
-The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail.
+\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR
+PKCS#12 file containing the Directory Server SSL Certificate
+.TP
+\fB\-\-http_pkcs12\fR=\fIFILE\fR
+PKCS#12 file containing the Apache Server SSL Certificate
+.TP
+\fB\-\-pkinit_pkcs12\fR=\fIFILE\fR
+PKCS#12 file containing the Kerberos KDC SSL certificate
+.TP
+\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR
+The password of the Directory Server PKCS#12 file
+.TP
+\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
+The password of the Apache Server PKCS#12 file
+.TP
+\fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR
+The password of the Kerberos KDC PKCS#12 file
+.TP
+\fB\-\-subject\fR=\fISUBJECT\fR
+The certificate subject base (default O=REALM.NAME)
+
+.SS "DNS OPTIONS"
.TP
\fB\-\-setup\-dns\fR
Generate a DNS zone if it does not exist already and configure the DNS server.
@@ -94,57 +142,21 @@ Let name server receive notifications when a new zone is added. New zone is then
\fB\-\-zone\-refresh=\fIZONE_REFRESH\fR
Number of seconds between regular checks for new DNS zones. When set to 0 the name server does not check for new zones and it needs to be reloaded when a new DNS zone is added.
.TP
-\fB\-U\fR, \fB\-\-unattended\fR
-An unattended installation that will never prompt for user input
-.TP
-\fB\-\-uninstall\fR
-Uninstall an existing IPA installation
-.TP
-\fB\-N\fR, \fB\-\-no\-ntp\fR
-Do not configure NTP
-.TP
-\fB\-\-no\-pkinit\fR
-Disables pkinit setup steps
-.TP
-\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR
-PKCS#12 file containing the Directory Server SSL Certificate
-.TP
-\fB\-\-http_pkcs12\fR=\fIFILE\fR
-PKCS#12 file containing the Apache Server SSL Certificate
-.TP
-\fB\-\-pkinit_pkcs12\fR=\fIFILE\fR
-PKCS#12 file containing the Kerberos KDC SSL certificate
-.TP
-\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR
-The password of the Directory Server PKCS#12 file
-.TP
-\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
-The password of the Apache Server PKCS#12 file
-.TP
-\fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR
-The password of the Kerberos KDC PKCS#12 file
-.TP
\fB\-\-no\-host\-dns\fR
Do not use DNS for hostname lookup during installation
+
+.SS "UNINSTALL OPTIONS"
.TP
-\fB\-\-idstart\fR=\fIIDSTART\fR
-The starting user and group id number (default random)
-.TP
-\fB\-\-idmax\fR=\fIIDMAX\fR
-The maximum user and group id number (default: idstart+199999). If set to zero, the default value will be used.
-.TP
-\fB\-\-subject\fR=\fISUBJECT\fR
- The certificate subject base (default O=REALM.NAME)
-.TP
-\fB\-\-no_hbac_allow\fR
-Don't install allow_all HBAC rule. This rule lets any user from any host access any service on any other host. It is expected that users will remove this rule before moving to production.
-.TP
-\fB\-\-no\-ui\-redirect\fR
-Do not automatically redirect to the Web UI.
+\fB\-\-uninstall\fR
+Uninstall an existing IPA installation
.TP
+\fB\-U\fR, \fB\-\-unattended\fR
+An unattended uninstallation that will never prompt for user input
+
.SH "EXIT STATUS"
-0 if the installation was successful
+0 if the (un)installation was successful
1 if an error occurred
+
.SH "SEE ALSO"
.BR ipa-dns-install (1)