diff options
| author | Simo Sorce <simo@redhat.com> | 2015-11-23 14:50:04 -0500 |
|---|---|---|
| committer | Petr Vobornik <pvoborni@redhat.com> | 2015-11-27 15:58:51 +0100 |
| commit | f12f56fe8d607240efd7e8c8a942554bdd3b980f (patch) | |
| tree | 5a4f14fa896d95bb784bd5d6ef83b2e21d4af93a /ipa-client/man/ipa-getkeytab.1 | |
| parent | c688954c27c219cb18aff968fc1f510afff93981 (diff) | |
| download | freeipa-f12f56fe8d607240efd7e8c8a942554bdd3b980f.tar.gz freeipa-f12f56fe8d607240efd7e8c8a942554bdd3b980f.tar.xz freeipa-f12f56fe8d607240efd7e8c8a942554bdd3b980f.zip | |
Support sourcing the IPA server name from config
Use ding-libs to parse /etc/ipa/default.conf to find the IPA server
to contact by default.
Signed-off-by: Simo Sorce <simo@redhat.com>
Ticket: https://fedorahosted.org/freeipa/ticket/2203
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Diffstat (limited to 'ipa-client/man/ipa-getkeytab.1')
| -rw-r--r-- | ipa-client/man/ipa-getkeytab.1 | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/ipa-client/man/ipa-getkeytab.1 b/ipa-client/man/ipa-getkeytab.1 index bb84ad8f2..1c270729e 100644 --- a/ipa-client/man/ipa-getkeytab.1 +++ b/ipa-client/man/ipa-getkeytab.1 @@ -21,7 +21,7 @@ .SH "NAME" ipa\-getkeytab \- Get a keytab for a Kerberos principal .SH "SYNOPSIS" -ipa\-getkeytab \fB\-s\fR \fIipaserver\fR \fB\-p\fR \fIprincipal\-name\fR \fB\-k\fR \fIkeytab\-file\fR [ \fB\-e\fR encryption\-types ] [ \fB\-q\fR ] [ \fB\-D\fR|\fB\-\-binddn\fR \fIBINDDN\fR ] [ \fB\-w|\-\-bindpw\fR ] [ \fB\-P\fR|\fB\-\-password\fR \fIPASSWORD\fR ] [ \fB\-r\fR ] +ipa\-getkeytab \fB\-p\fR \fIprincipal\-name\fR \fB\-k\fR \fIkeytab\-file\fR [ \fB\-e\fR \fIencryption\-types\fR ] [ \fB\-s\fR \fIipaserver\fR ] [ \fB\-q\fR ] [ \fB\-D\fR|\fB\-\-binddn\fR \fIBINDDN\fR ] [ \fB\-w|\-\-bindpw\fR ] [ \fB\-P\fR|\fB\-\-password\fR \fIPASSWORD\fR ] [ \fB\-r\fR ] .SH "DESCRIPTION" Retrieves a Kerberos \fIkeytab\fR. @@ -50,9 +50,6 @@ This renders all other keytabs for that principal invalid. This is used during IPA client enrollment to retrieve a host service principal and store it in /etc/krb5.keytab. It is possible to retrieve the keytab without Kerberos credentials if the host was pre\-created with a one\-time password. The keytab can be retrieved by binding as the host and authenticating with this one\-time password. The \fB\-D|\-\-binddn\fR and \fB\-w|\-\-bindpw\fR options are used for this authentication. .SH "OPTIONS" .TP -\fB\-s ipaserver\fR -The IPA server to retrieve the keytab from (FQDN). -.TP \fB\-p principal\-name\fR The non\-realm part of the full principal name. .TP @@ -73,6 +70,11 @@ des\-hmac\-sha1 des\-cbc\-md5 des\-cbc\-crc .TP +\fB\-s ipaserver\fR +The IPA server to retrieve the keytab from (FQDN). If this option is not +provided the server name is read from the IPA configuration file +(/etc/ipa/default.conf) +.TP \fB\-q\fR Quiet mode. Only errors are displayed. .TP @@ -105,7 +107,7 @@ keytab must have access to the keys for this operation to succeed. Add and retrieve a keytab for the NFS service principal on the host foo.example.com and save it in the file /tmp/nfs.keytab and retrieve just the des\-cbc\-crc key. - # ipa\-getkeytab \-s ipaserver.example.com \-p nfs/foo.example.com \-k /tmp/nfs.keytab \-e des\-cbc\-crc + # ipa\-getkeytab \-p nfs/foo.example.com \-k /tmp/nfs.keytab \-e des\-cbc\-crc Add and retrieve a keytab for the ldap service principal on the host foo.example.com and save it in the file /tmp/ldap.keytab. |