From a38d93f65f87db1a0b9c34eb0ba1b6d9dca9e060 Mon Sep 17 00:00:00 2001
From: Tomas Babej
Date: Tue, 26 Feb 2013 13:20:13 +0100
Subject: Add support for re-enrolling hosts using keytab

A host that has been recreated and does not have its host entry disabled or removed, can be re-enrolled using a previously backed up keytab file.

A new option --keytab has been added to ipa-client-install. This can be used to specify path to the keytab and can be used instead of -p or -w options.

A new option -f has been added to ipa-join. It forces client to join even if the host entry already exists. A new certificate, ssh keys are generated, ipaUniqueID stays the same.

Design page: http://freeipa.org/page/V3/Client_install_using_keytab
https://fedorahosted.org/freeipa/ticket/3374
---
 ipa-client/man/ipa-client-install.1 | 3 +++
 ipa-client/man/ipa-join.1 | 3 +++
 2 files changed, 6 insertions(+)

(limited to 'ipa-client/man')

diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1 index 2990b669..8a77a113 100644 --- a/ipa-client/man/ipa-client-install.1 +++ b/ipa-client/man/ipa-client-install.1 @@ -76,6 +76,9 @@ Password for joining a machine to the IPA realm. Assumes bulk password unless pr \fB\-W\fR Prompt for the password for joining a machine to the IPA realm. .TP +\fB\-k\fR, \fB\-\-keytab\fR +Path to backed up host keytab from previous enrollment. +.TP \fB\-\-mkhomedir\fR Configure PAM to create a users home directory if it does not exist. .TP diff --git a/ipa-client/man/ipa-join.1 b/ipa-client/man/ipa-join.1 index bd33b16c..5dd4004b 100644 --- a/ipa-client/man/ipa-join.1 +++ b/ipa-client/man/ipa-join.1 
@@ -64,6 +64,9 @@ The password to use if not using Kerberos to authenticate. Use a password of thi \fB\-b,\-\-basedn basedn\fR The basedn of the IPA server (of the form dc=example,dc=com). This is only needed when not using Kerberos to authenticate and anonymous binds are disallowed in the IPA LDAP server. .TP +\fB\-f,\-\-force\fR +Force enrolling the host even if host entry exists. +.TP \fB\-u,\-\-unenroll\fR Unenroll this host from the IPA server. No keytab entry is removed in the process (see -- cgit
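
Review bot: the new `\fB\-k\fR, \fB\-\-keytab\fR` entry in ipa-client-install.1 does not document when the option applies or what it replaces. The commit message says it can be used instead of -p or -w and that re-enrollment only works while the host entry has not been disabled or removed; both conditions belong in the man page text next to "Path to backed up host keytab from previous enrollment." The entry also shows no argument placeholder even though the option takes a path, unlike the `\-\-basedn basedn` form visible in ipa-join.1.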
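
Review bot: the `\fB\-f,\-\-force\fR` description in ipa-join.1 omits what forcing the join does to the existing host entry. "Force enrolling the host even if host entry exists." should also state the effect given in the commit message: a new certificate and ssh keys are generated while ipaUniqueID stays the same. Without that, an administrator cannot tell from the man page that the option changes the host's stored keys.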