author | Tomas Babej <tbabej@redhat.com> | 2013-02-26 13:20:13 +0100 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2013-03-12 15:13:09 +0100 |
commit | a38d93f65f87db1a0b9c34eb0ba1b6d9dca9e060 (patch) | |
tree | ec23e5b48b21c7453e281b7a397ae4b8dfdf254c /ipa-client/man | |
parent | 91606e6679f3a18b1c1789efd240eed982a563d4 (diff) | |
Add support for re-enrolling hosts using keytab
A host that has been recreated and does not have its
host entry disabled or removed, can be re-enrolled using
a previously backed up keytab file.
A new option --keytab has been added to ipa-client-install. This
can be used to specify path to the keytab and can be used instead
of -p or -w options.
A new option -f has been added to ipa-join. It forces client to
join even if the host entry already exists. A new certificate,
ssh keys are generated, ipaUniqueID stays the same.
Design page: http://freeipa.org/page/V3/Client_install_using_keytab
https://fedorahosted.org/freeipa/ticket/3374
Diffstat (limited to 'ipa-client/man')
-rw-r--r-- | ipa-client/man/ipa-client-install.1 | 3 | ||||
-rw-r--r-- | ipa-client/man/ipa-join.1 | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1 index 2990b669..8a77a113 100644 --- a/ipa-client/man/ipa-client-install.1 +++ b/ipa-client/man/ipa-client-install.1 @@ -76,6 +76,9 @@ Password for joining a machine to the IPA realm. Assumes bulk password unless pr \fB\-W\fR Prompt for the password for joining a machine to the IPA realm. .TP +\fB\-k\fR, \fB\-\-keytab\fR +Path to backed up host keytab from previous enrollment. +.TP \fB\-\-mkhomedir\fR Configure PAM to create a users home directory if it does not exist. .TP diff --git a/ipa-client/man/ipa-join.1 b/ipa-client/man/ipa-join.1 index bd33b16c..5dd4004b 100644 --- a/ipa-client/man/ipa-join.1 +++ b/ipa-client/man/ipa-join.1 @@ -64,6 +64,9 @@ The password to use if not using Kerberos to authenticate. Use a password of thi \fB\-b,\-\-basedn basedn\fR The basedn of the IPA server (of the form dc=example,dc=com). This is only needed when not using Kerberos to authenticate and anonymous binds are disallowed in the IPA LDAP server. .TP +\fB\-f,\-\-force\fR +Force enrolling the host even if host entry exists. +.TP \fB\-u,\-\-unenroll\fR Unenroll this host from the IPA server. No keytab entry is removed in the process (see |
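Review bot: In the ipa-client-install.1 hunk, the new "\fB\-k\fR, \fB\-\-keytab\fR" entry shows no argument placeholder and does not say how it relates to the password options documented directly above it. The commit message states that it can be used instead of -p or -w and that it applies only while the host entry has not been disabled or removed; neither point reaches the man page. Suggest showing the argument on the option line (ipa-join.1 does this with "\-\-basedn basedn") and extending the description to something like "Path to backed up host keytab from previous enrollment. Can be used instead of \-p or \-w. The host entry must still exist and must not be disabled." Because a host keytab is a long-lived credential for the host principal, one sentence on keeping the backup copy readable by root only would also belong here.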