diff options
author | Martin Babinsky <mbabinsk@redhat.com> | 2016-10-27 13:35:10 +0200 |
---|---|---|
committer | Martin Babinsky <mbabinsk@redhat.com> | 2016-11-08 17:02:44 +0100 |
commit | 294fc3dc5645eeb7942908c3e351c06aa0af329e (patch) | |
tree | c1542589e816ee550f305ce86f661fe9dc9ef2bc /client/man | |
parent | 7a183bad66b91821a75e2a1cdbd3106fc31dcab4 (diff) | |
download | freeipa-294fc3dc5645eeb7942908c3e351c06aa0af329e.tar.gz freeipa-294fc3dc5645eeb7942908c3e351c06aa0af329e.tar.xz freeipa-294fc3dc5645eeb7942908c3e351c06aa0af329e.zip |
ipa-getkeytab: expose CA cert path as option
get rid of hardcoded CA cert path and allow the caller to use supplied custom
paths instead
https://fedorahosted.org/freeipa/ticket/6409
Reviewed-By: Simo Sorce <ssorce@redhat.com>
Diffstat (limited to 'client/man')
-rw-r--r-- | client/man/ipa-getkeytab.1 | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/client/man/ipa-getkeytab.1 b/client/man/ipa-getkeytab.1 index 1c270729e..997a5955e 100644 --- a/client/man/ipa-getkeytab.1 +++ b/client/man/ipa-getkeytab.1 @@ -21,7 +21,7 @@ .SH "NAME" ipa\-getkeytab \- Get a keytab for a Kerberos principal .SH "SYNOPSIS" -ipa\-getkeytab \fB\-p\fR \fIprincipal\-name\fR \fB\-k\fR \fIkeytab\-file\fR [ \fB\-e\fR \fIencryption\-types\fR ] [ \fB\-s\fR \fIipaserver\fR ] [ \fB\-q\fR ] [ \fB\-D\fR|\fB\-\-binddn\fR \fIBINDDN\fR ] [ \fB\-w|\-\-bindpw\fR ] [ \fB\-P\fR|\fB\-\-password\fR \fIPASSWORD\fR ] [ \fB\-r\fR ] +ipa\-getkeytab \fB\-p\fR \fIprincipal\-name\fR \fB\-k\fR \fIkeytab\-file\fR [ \fB\-e\fR \fIencryption\-types\fR ] [ \fB\-s\fR \fIipaserver\fR ] [ \fB\-q\fR ] [ \fB\-D\fR|\fB\-\-binddn\fR \fIBINDDN\fR ] [ \fB\-w|\-\-bindpw\fR ] [ \fB\-P\fR|\fB\-\-password\fR \fIPASSWORD\fR ] [ \fB\-\-cacert \fICACERT\fR ] [ \fB\-r\fR ] .SH "DESCRIPTION" Retrieves a Kerberos \fIkeytab\fR. @@ -98,6 +98,10 @@ The LDAP DN to bind as when retrieving a keytab without Kerberos credentials. Ge \fB\-w, \-\-bindpw\fR The LDAP password to use when not binding with Kerberos. .TP +\fB\-\-cacert\fR +The path to the IPA CA certificate used to validate LDAPS connections. Defaults to +/etc/ipa/ca.crt +.TP \fB\-r\fR Retrieve mode. Retrieve an existing key from the server instead of generating a new one. This is incompatibile with the \-\-password option, and will work only |