diff options
Diffstat (limited to 'ipa-client/man')
| -rw-r--r-- | ipa-client/man/Makefile.am | 16 | ||||
| -rw-r--r-- | ipa-client/man/ipa-client-install.1 | 55 | ||||
| -rw-r--r-- | ipa-client/man/ipa-getkeytab.1 | 101 |
3 files changed, 172 insertions, 0 deletions
diff --git a/ipa-client/man/Makefile.am b/ipa-client/man/Makefile.am new file mode 100644 index 00000000..7d0a3aa4 --- /dev/null +++ b/ipa-client/man/Makefile.am @@ -0,0 +1,16 @@ +# This file will be processed with automake-1.7 to create Makefile.in + +AUTOMAKE_OPTIONS = 1.7 + +NULL = + +man_MANS = \ + ipa-getkeytab.1 \ + ipa-client-install.1 + +install-data-hook: + @for i in $(man_MANS) ; do gzip -f $(DESTDIR)$(man1dir)/$$i ; done + +MAINTAINERCLEANFILES = \ + Makefile.in \ + $(NULL) diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1 new file mode 100644 index 00000000..49595a06 --- /dev/null +++ b/ipa-client/man/ipa-client-install.1 @@ -0,0 +1,55 @@ +.\" A man page for ipa-client-install +.\" Copyright (C) 2008 Red Hat, Inc. +.\" +.\" This is free software; you can redistribute it and/or modify it under +.\" the terms of the GNU Library General Public License as published by +.\" the Free Software Foundation; version 2 only +.\" +.\" This program is distributed in the hope that it will be useful, but +.\" WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +.\" General Public License for more details. +.\" +.\" You should have received a copy of the GNU Library General Public +.\" License along with this program; if not, write to the Free Software +.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +.\" +.\" Author: Rob Crittenden <rcritten@redhat.com> +.\" +.TH "ipa-client-install" "1" "Mar 14 2008" "freeipa" "" +.SH "NAME" +ipa\-client\-install \- Configure an IPA client +.SH "SYNOPSIS" +ipa\-client\-install [\fIOPTION\fR]... +.SH "DESCRIPTION" +Configures a client machine to use IPA for authentication and identity services. + +This configures PAM and NSS (Name Switching Service) to work with an IPA server over Kerberos and LDAP. +.SH "OPTIONS" +.TP +\fB\-\-domain\fR=\fIDOMAIN\fR +Set the domain name to DOMAIN +.TP +\fB\-\-server\fR=\fISERVER\fR +Set the IPA server to connect to +.TP +\fB\-\-realm\fR=\fIREALM_NAME\fR +Set the IPA realm name to REALM_NAME +.TP +\fB\-f\fR, \fB\-\-force\fR +Force the settings even if errors occur +.TP +\fB\-d\fR, \fB\-\-debug\fR +Print debugging information to stdout +.TP +\fB\-U\fR, \fB\-\-unattended\fR +Unattended installation. The user will not be prompted. +.TP +\fB\-N\fR, \fB\-\-no\-ntp\fR +Do not configure or enable NTP +\fB\-\-on\-master\fB +The client is being configured on an IPA server +.SH "EXIT STATUS" +0 if the installation was successful + +1 if an error occurred diff --git a/ipa-client/man/ipa-getkeytab.1 b/ipa-client/man/ipa-getkeytab.1 new file mode 100644 index 00000000..93db094e --- /dev/null +++ b/ipa-client/man/ipa-getkeytab.1 @@ -0,0 +1,101 @@ +.\" A man page for ipa-getkeytab +.\" Copyright (C) 2007 Red Hat, Inc. +.\" +.\" This is free software; you can redistribute it and/or modify it under +.\" the terms of the GNU Library General Public License as published by +.\" the Free Software Foundation; version 2 only +.\" +.\" This program is distributed in the hope that it will be useful, but +.\" WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +.\" General Public License for more details. +.\" +.\" You should have received a copy of the GNU Library General Public +.\" License along with this program; if not, write to the Free Software +.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +.\" +.\" Author: Karl MacMillan <kmacmill@redhat.com> +.\" Author: Simo Sorce <ssorce@redhat.com> +.\" +.TH "ipa-getkeytab" "1" "Oct 10 2007" "freeipa" "" +.SH "NAME" +ipa\-getkeytab \- Get a keytab for a kerberos principal +.SH "SYNOPSIS" +ipa\-getkeytab [ \fB\-s\fR ipaserver ] [ \fB\-p\fR principal\-name ] [ \fB\-k\fR keytab\-file ] [ \fB\-e\fR encryption\-types ] [ \fB\-q\fR ] + +.SH "DESCRIPTION" +Retrieves a kerberos \fIkeytab\fR. + +Kerberos keytabs are used for services (like sshd) to +perform kerberos authentication. A keytab is a file +with one or more secrets (or keys) for a kerberos +principal. + +A kerberos service principal is a kerberos identity +that can be used for authentication. Service principals +contain the name of the service, the hostname of the +server, and the realm name. For example, the following +is an example principal for an ldap server: + + ldap/foo.example.com@EXAMPLE.COM + +When using ipa\-getkeytab the realm name is already +provided, so the principal name is just the service +name and hostname (ldap/foo.example.com from the +example above). + +\fBWARNING:\fR retrieving the keytab resets the secret for the Kerberos principal. +This renders all other keytabs for that principal invalid. +.SH "OPTIONS" +.TP +\fB\-s ipaserver\fR +The IPA server to retrieve the keytab from (FQDN). +.TP +\fB\-p principal\-name\fR +The non\-realm part of the full principal name. +.TP +\fB\-k keytab\-file\fR +The keytab file where to append the new key (will be +created if it does not exist). +.TP +\fB\-e encryption\-types\fR +The list of encryption types to use to generate keys. +ipa\-getkeytab will use local client defaults if not provided. +Valid values depend on the kerberos library version and configuration. +Common values are: +aes256\-cts +aes128\-cts +des3\-hmac\-sha1 +arcfour\-hmac +des\-hmac\-sha1 +des\-cbc\-md5 +des\-cbc\-crc +.TP +\fB\-q\fR +Quiet mode. Only errors are displayed. +.TP +\fB\-\-permitted\-enctypes\fR +This options returns a description of the permitted encryption types, like this: +Supported encryption types: +AES\-256 CTS mode with 96\-bit SHA\-1 HMAC +AES\-128 CTS mode with 96\-bit SHA\-1 HMAC +Triple DES cbc mode with HMAC/sha1 +ArcFour with HMAC/md5 +DES cbc mode with CRC\-32 +DES cbc mode with RSA\-MD5 +DES cbc mode with RSA\-MD4 +.SH "EXAMPLES" +Add and retrieve a keytab for the NFS service principal on +the host foo.example.com and save it in the file /tmp/nfs.keytab and retrieve just the des\-cbc\-crc key. + + # ipa\-getkeytab \-s ipaserver.example.com \-p nfs/foo.example.com \-k /tmp/nfs.keytab \-e des\-cbc\-crc + +Add and retrieve a keytab for the ldap service principal on +the host foo.example.com and save it in the file /tmp/ldap.keytab. + + # ipa\-getkeytab \-s ipaserver.example.com \-p ldap/foo.example.com \-k /tmp/ldap.keytab + + + +.SH "EXIT STATUS" +The exit status is 0 on success, nonzero on error. |