From 059a4c188760ec7360ccb68a5c8a292afb21d35e Mon Sep 17 00:00:00 2001 From: Martin Babinsky Date: Tue, 31 Mar 2015 10:02:52 +0200 Subject: ipa-server-install: deprecate manual setting of master KDC password Option '-P' was used in older version of FreeIPA to set up KDC master password during server install. This is no longer neccessary or desirable since the password of sufficient strength can be generated automatically during installation. https://fedorahosted.org/freeipa/ticket/4516 Reviewed-By: Petr Vobornik --- install/tools/ipa-server-install | 8 +++++++- install/tools/man/ipa-server-install.1 | 8 +++++--- 2 files changed, 12 insertions(+), 4 deletions(-) diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 1fe5bd9ea..c74d15f8f 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -167,7 +167,7 @@ def parse_options(): sensitive=True, help="Directory Manager password") basic_group.add_option("-P", "--master-password", dest="master_password", sensitive=True, - help="kerberos master password (normally autogenerated)") + help=SUPPRESS_HELP) basic_group.add_option("-a", "--admin-password", sensitive=True, dest="admin_password", help="admin user kerberos password") @@ -698,6 +698,12 @@ def main(): signal.signal(signal.SIGTERM, signal_handler) signal.signal(signal.SIGINT, signal_handler) + if options.master_password: + msg = ("WARNING:\noption '-P/--master-password' is deprecated. " + "KDC master password of sufficient strength is autogenerated " + "during IPA server installation and should not be set " + "manually.") + print textwrap.fill(msg, width=79, replace_whitespace=False) if options.uninstall: uninstalling = True standard_logging_setup(paths.IPASERVER_UNINSTALL_LOG, debug=options.debug) diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index e5224b110..1eaed7211 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -36,9 +36,6 @@ Your DNS domain name \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR The password to be used by the Directory Server for the Directory Manager user .TP -\fB\-P\fR \fIMASTER_PASSWORD\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR -The kerberos master password (normally autogenerated) -.TP \fB\-a\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR The password for the IPA admin user .TP @@ -176,6 +173,11 @@ Uninstall an existing IPA installation \fB\-U\fR, \fB\-\-unattended\fR An unattended uninstallation that will never prompt for user input +.SH "DEPRECATED OPTIONS" +.TP +\fB\-P\fR \fIMASTER_PASSWORD\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR +The kerberos master password (normally autogenerated). + .SH "EXIT STATUS" 0 if the (un)installation was successful -- cgit