ipa-server-install: deprecate manual setting of master KDC password

Option '-P' was used in older version of FreeIPA to set up KDC master password during server install. This is no longer neccessary or desirable since the password of sufficient strength can be generated automatically during installation. https://fedorahosted.org/freeipa/ticket/4516 Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
2025-02-25 18:55:28 -06:00 · 2015-03-31 10:02:52 +02:00 · 2015-03-31 10:02:52 +02:00 · 059a4c1887
commit 059a4c1887
parent 83e2552cdd
2 changed files with 12 additions and 4 deletions
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@ -167,7 +167,7 @@ def parse_options():
                      sensitive=True, help="Directory Manager password")
    basic_group.add_option("-P", "--master-password",
                      dest="master_password", sensitive=True,
-                      help="kerberos master password (normally autogenerated)")
+                      help=SUPPRESS_HELP)
    basic_group.add_option("-a", "--admin-password",
                      sensitive=True, dest="admin_password",
                      help="admin user kerberos password")
@ -698,6 +698,12 @@ def main():
    signal.signal(signal.SIGTERM, signal_handler)
    signal.signal(signal.SIGINT, signal_handler)

+    if options.master_password:
+        msg = ("WARNING:\noption '-P/--master-password' is deprecated. "
+               "KDC master password of sufficient strength is autogenerated "
+               "during IPA server installation and should not be set "
+               "manually.")
+        print textwrap.fill(msg, width=79, replace_whitespace=False)
    if options.uninstall:
        uninstalling = True
        standard_logging_setup(paths.IPASERVER_UNINSTALL_LOG, debug=options.debug)
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@ -36,9 +36,6 @@ Your DNS domain name
 \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR
 The password to be used by the Directory Server for the Directory Manager user
 .TP
-\fB\-P\fR \fIMASTER_PASSWORD\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR
-The kerberos master password (normally autogenerated)
-.TP
 \fB\-a\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR
 The password for the IPA admin user
 .TP
@ -176,6 +173,11 @@ Uninstall an existing IPA installation
 \fB\-U\fR, \fB\-\-unattended\fR
 An unattended uninstallation that will never prompt for user input

+.SH "DEPRECATED OPTIONS"
+.TP
+\fB\-P\fR \fIMASTER_PASSWORD\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR
+The kerberos master password (normally autogenerated).
+
 .SH "EXIT STATUS"
 0 if the (un)installation was successful