summaryrefslogtreecommitdiffstats
path: root/ipa-client/man/ipa-getkeytab.1
diff options
context:
space:
mode:
Diffstat (limited to 'ipa-client/man/ipa-getkeytab.1')
-rw-r--r--ipa-client/man/ipa-getkeytab.18
1 files changed, 7 insertions, 1 deletions
diff --git a/ipa-client/man/ipa-getkeytab.1 b/ipa-client/man/ipa-getkeytab.1
index ce62d9d09..bb84ad8f2 100644
--- a/ipa-client/man/ipa-getkeytab.1
+++ b/ipa-client/man/ipa-getkeytab.1
@@ -21,7 +21,7 @@
.SH "NAME"
ipa\-getkeytab \- Get a keytab for a Kerberos principal
.SH "SYNOPSIS"
-ipa\-getkeytab \fB\-s\fR \fIipaserver\fR \fB\-p\fR \fIprincipal\-name\fR \fB\-k\fR \fIkeytab\-file\fR [ \fB\-e\fR encryption\-types ] [ \fB\-q\fR ] [ \fB\-D\fR|\fB\-\-binddn\fR \fIBINDDN\fR ] [ \fB\-w|\-\-bindpw\fR ] [ \fB\-P\fR|\fB\-\-password\fR \fIPASSWORD\fR ]
+ipa\-getkeytab \fB\-s\fR \fIipaserver\fR \fB\-p\fR \fIprincipal\-name\fR \fB\-k\fR \fIkeytab\-file\fR [ \fB\-e\fR encryption\-types ] [ \fB\-q\fR ] [ \fB\-D\fR|\fB\-\-binddn\fR \fIBINDDN\fR ] [ \fB\-w|\-\-bindpw\fR ] [ \fB\-P\fR|\fB\-\-password\fR \fIPASSWORD\fR ] [ \fB\-r\fR ]
.SH "DESCRIPTION"
Retrieves a Kerberos \fIkeytab\fR.
@@ -95,6 +95,12 @@ The LDAP DN to bind as when retrieving a keytab without Kerberos credentials. Ge
.TP
\fB\-w, \-\-bindpw\fR
The LDAP password to use when not binding with Kerberos.
+.TP
+\fB\-r\fR
+Retrieve mode. Retrieve an existing key from the server instead of generating a
+new one. This is incompatibile with the \-\-password option, and will work only
+against a FreeIPA server more recent than version 3.3. The user requesting the
+keytab must have access to the keys for this operation to succeed.
.SH "EXAMPLES"
Add and retrieve a keytab for the NFS service principal on
the host foo.example.com and save it in the file /tmp/nfs.keytab and retrieve just the des\-cbc\-crc key.