Allow host re-enrollment using delegation

A new option --force-join has been added to ipa-client-install.
It forces the host enrollment even if the host entry exists.
Old certificate is revoked, new certificate and ssh key pair
generated. See the relevant design for the re-enrollment part:
http://freeipa.org/page/V3/Forced_client_re-enrollment

https://fedorahosted.org/freeipa/ticket/3482

1 files changed, 4 insertions, 1 deletions

diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index 8a77a113..d98318ee 100644
--- a/ipa-client/man/ipa-client-install.1
+++ b/ipa-client/man/ipa-client-install.1
@@ -77,7 +77,7 @@ Password for joining a machine to the IPA realm. Assumes bulk password unless pr
 Prompt for the password for joining a machine to the IPA realm.
 .TP
 \fB\-k\fR, \fB\-\-keytab\fR
-Path to backed up host keytab from previous enrollment.
+Path to backed up host keytab from previous enrollment. Joins the host even if it is already enrolled.
 .TP
 \fB\-\-mkhomedir\fR
 Configure PAM to create a users home directory if it does not exist.
@@ -85,6 +85,9 @@ Configure PAM to create a users home directory if it does not exist.
 \fB\-\-hostname\fR
 The hostname of this machine (FQDN). If specified, the hostname will be set and the system configuration will be updated to persist over reboot. By default a nodename result from uname(2) is used.
 .TP
+\fB\-\-force\-join\fR
+Join the host even if it is already enrolled.
+.TP
 \fB\-\-ntp\-server\fR=\fINTP_SERVER\fR
 Configure ntpd to use this NTP server.
 .TP