From a38d93f65f87db1a0b9c34eb0ba1b6d9dca9e060 Mon Sep 17 00:00:00 2001
From: Tomas Babej <tbabej@redhat.com>
Date: Tue, 26 Feb 2013 13:20:13 +0100
Subject: Add support for re-enrolling hosts using keytab

A host that has been recreated  and does not have its
host entry disabled or removed, can be re-enrolled using
a previously backed up keytab file.

A new option --keytab has been added to ipa-client-install. This
can be used to specify path to the keytab and can be used instead
of -p or -w options.

A new option -f has been added to ipa-join. It forces client to
join even if the host entry already exits. A new certificate,
ssh keys are generated, ipaUniqueID stays the same.

Design page: http://freeipa.org/page/V3/Client_install_using_keytab

https://fedorahosted.org/freeipa/ticket/3374
---
 ipa-client/man/ipa-join.1 | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'ipa-client/man/ipa-join.1')

diff --git a/ipa-client/man/ipa-join.1 b/ipa-client/man/ipa-join.1
index bd33b16c..5dd4004b 100644
--- a/ipa-client/man/ipa-join.1
+++ b/ipa-client/man/ipa-join.1
@@ -64,6 +64,9 @@ The password to use if not using Kerberos to authenticate. Use a password of thi
 \fB\-b,\-\-basedn basedn\fR
 The basedn of the IPA server (of the form dc=example,dc=com). This is only needed when not using Kerberos to authenticate and anonymous binds are disallowed in the IPA LDAP server.
 .TP
+\fB\-f,\-\-force\fR
+Force enrolling the host even if host entry exists.
+.TP
 \fB\-u,\-\-unenroll\fR
 Unenroll this host from the IPA server. No keytab entry is removed in the process
 (see
-- 
cgit