From a7ccc198a731d0e48319a73bcb2dd98c34de262a Mon Sep 17 00:00:00 2001 From: Tomas Babej Date: Mon, 18 Mar 2013 11:06:22 +0100 Subject: Allow host re-enrollment using delegation A new option --force-join has been added to ipa-client-install. It forces the host enrollment even if the host entry exists. Old certificate is revoked, new certificate and ssh key pair generated. See the relevant design for the re-enrollment part: http://freeipa.org/page/V3/Forced_client_re-enrollment https://fedorahosted.org/freeipa/ticket/3482
---
 ipa-client/ipa-install/ipa-client-install | 5 +++++ ipa-client/man/ipa-client-install.1 | 5 ++++- 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/ipa-client/ipa-install/ipa-client-install b/ipa-client/ipa-install/ipa-client-install
index f1b2c1887..6be4a9013 100755
--- a/ipa-client/ipa-install/ipa-client-install
+++ b/ipa-client/ipa-install/ipa-client-install
@@ -111,6 +111,9 @@ def parse_options():
 help="The hostname of this machine (FQDN). If specified, the hostname will be set and "
 "the system configuration will be updated to persist over reboot. "
 "By default a nodename result from uname(2) is used.")
+ basic_group.add_option("", "--force-join", dest="force_join",
+ action="store_true", default=False,
+ help="Force client enrollment even if already enrolled")
 basic_group.add_option("--ntp-server", dest="ntp_server", help="ntp server to use")
 basic_group.add_option("-N", "--no-ntp", action="store_false", help="do not configure ntp", default=True, dest="conf_ntp")
@@ -1989,6 +1992,8 @@ def install(options, env, fstore, statestore):
 if options.hostname:
 join_args.append("-h")
 join_args.append(options.hostname)
+ if options.force_join:
+ join_args.append("-f")
 if options.principal is not None:
 stdin = None
 principal = options.principal
diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1
index 8a77a113a..d98318eed 100644
--- a/ipa-client/man/ipa-client-install.1
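Review bot: The help string for `--force-join` in the first hunk understates what the option does. Per the commit message, forcing enrollment revokes the host's old certificate and generates a new certificate and SSH key pair, and an administrator reading `--help` should see that before using it. I would change the line to `help="Force client enrollment even if already enrolled; the old host certificate is revoked and new keys are generated")`. The empty `""` first argument also looks unnecessary, since the `--ntp-server` option just below is declared with its long name only. parse_options() starts and ends outside this hunk.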
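Review bot: The added `if options.force_join:` branch in the second hunk has no comment saying what `-f` asks ipa-join to do, although it is the line in install() that turns a normal join into a replacement of the host's existing credentials. I would add above it `# -f: enroll even if the host entry already exists; the old certificate is revoked`. The flag is appended before the credential handling that follows (only the principal branch is visible; the rest of install() is outside the hunk). The decision whether the caller may re-enroll this host therefore presumably rests with the server. That check is not part of this diff and is worth confirming against the linked design.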
+++ b/ipa-client/man/ipa-client-install.1
@@ -77,7 +77,7 @@ Password for joining a machine to the IPA realm. Assumes bulk password unless pr
 Prompt for the password for joining a machine to the IPA realm.
 .TP
 \fB\-k\fR, \fB\-\-keytab\fR
-Path to backed up host keytab from previous enrollment.
+Path to backed up host keytab from previous enrollment. Joins the host even if it is already enrolled.
 .TP
 \fB\-\-mkhomedir\fR
 Configure PAM to create a users home directory if it does not exist.
@@ -85,6 +85,9 @@ Configure PAM to create a users home directory if it does not exist.
 \fB\-\-hostname\fR
 The hostname of this machine (FQDN). If specified, the hostname will be set and the system configuration will be updated to persist over reboot. By default a nodename result from uname(2) is used.
 .TP
+\fB\-\-force\-join\fR
+Join the host even if it is already enrolled.
+.TP
 \fB\-\-ntp\-server\fR=\fINTP_SERVER\fR
 Configure ntpd to use this NTP server.
 .TP
-- cgit