Diffstat (limited to 'ipa-client/ipa-install/ipa-client-install')
-rwxr-xr-xipa-client/ipa-install/ipa-client-install40
1 files changed, 35 insertions, 5 deletions
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index 308c3f8d0..bd458ed09 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -104,6 +104,8 @@ def parse_options():
help="principal to use to join the IPA realm"),
basic_group.add_option("-w", "--password", dest="password", sensitive=True,
help="password to join the IPA realm (assumes bulk password unless principal is also set)"),
+ basic_group.add_option("-k", "--keytab", dest="keytab",
+ help="path to backed up keytab from previous enrollment"),
basic_group.add_option("-W", dest="prompt_password", action="store_true",
default=False,
help="Prompt for a password to join the IPA realm"),
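Review bot: The new `-k`/`--keytab` option is accepted with no conflict check against the principal option, `-w` or `-W`. The last hunk tests `options.keytab` in an `elif` that follows the `kinit principal` path, so a keytab passed together with a principal appears to be silently ignored; the opening `if` of that chain is outside the visible lines, so this is inferred. Either reject the combination after parsing, or state the precedence in the help text, for example `help="path to backed up keytab from previous enrollment (not used when a principal is given)"`. The body of parse_options() continues outside the hunk.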
@@ -1691,8 +1693,12 @@ def install(options, env, fstore, statestore):
except ipaclient.ntpconf.NTPConfigurationError:
pass
- if options.unattended and (options.password is None and options.principal is None and options.prompt_password is False) and not options.on_master:
- root_logger.error("One of password and principal are required.")
+ if options.unattended and (options.password is None and
+ options.principal is None and
+ options.keytab is None and
+ options.prompt_password is False and
+ not options.on_master):
+ root_logger.error("One of password / principal / keytab is required.")
return CLIENT_INSTALL_ERROR
if options.hostname:
@@ -1910,8 +1916,10 @@ def install(options, env, fstore, statestore):
ipaservices.backup_and_replace_hostname(fstore, statestore, options.hostname)
if not options.unattended:
- if options.principal is None and options.password is None and options.prompt_password is False:
- options.principal = user_input("User authorized to enroll computers", allow_empty=False)
+ if (options.principal is None and options.password is None and
+ options.prompt_password is False and options.keytab is None):
+ options.principal = user_input("User authorized to enroll "
+ "computers", allow_empty=False)
root_logger.debug(
"will use principal provided as option: %s", options.principal)
@@ -1985,12 +1993,34 @@ def install(options, env, fstore, statestore):
else:
stdin = sys.stdin.readline()
- (stderr, stdout, returncode) = run(["kinit", principal], raiseonerr=False, stdin=stdin, env=env)
+ (stderr, stdout, returncode) = run(["kinit", principal],
+ raiseonerr=False,
+ stdin=stdin,
+ env=env)
if returncode != 0:
root_logger.error("Kerberos authentication failed")
root_logger.info("%s", stdout)
print_port_conf_info()
return CLIENT_INSTALL_ERROR
+ elif options.keytab:
+ join_args.append("-f")
+ if os.path.exists(options.keytab):
+ (stderr, stdout, returncode) = run(
+ ['/usr/bin/kinit','-k', '-t', options.keytab,
+ 'host/%s@%s' % (hostname, cli_realm)],
+ env=env,
+ raiseonerr=False)
+
+ if returncode != 0:
+ root_logger.error("Kerberos authentication failed "
+ "using keytab: %s", options.keytab)
+ root_logger.info("%s", stdout)
+ print_port_conf_info()
+ return CLIENT_INSTALL_ERROR
+ else:
+ root_logger.error("Keytab file could not be found: %s"
+ % options.keytab)
+ return CLIENT_INSTALL_ERROR
elif options.password:
nolog = (options.password,)
join_args.append("-w")
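Review bot: The keytab branch validates the path only with `os.path.exists(options.keytab)`, which also passes for a directory or other non-regular file, so a wrong path ends in the generic kinit failure instead of the "could not be found" message; `if os.path.isfile(options.keytab):` is tighter. A keytab holds the host's long-term key and this installer presumably runs as root, so it is also worth logging a warning when the file is readable by group or others before it is used. The failure message names the keytab but not the principal that was tried, which is the likelier mismatch after a hostname change: `root_logger.error("Kerberos authentication failed using keytab %s for host/%s@%s", options.keytab, hostname, cli_realm)`. The not-found message formats with `%` while the neighbouring log calls pass lazy arguments; `root_logger.error("Keytab file could not be found: %s", options.keytab)` matches them. install() starts and ends outside the hunk.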