mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
Ensure ipa-adtrust-install is run with Kerberos ticket for admin user
When setting up AD trusts support, ipa-adtrust-install utility
needs to be run as:
- root, for performing Samba configuration and using LDAPI/autobind
- kinit-ed IPA admin user, to ensure proper ACIs are granted to
fetch keytab
As result, we can get rid of Directory Manager credentials in ipa-adtrust-install
https://fedorahosted.org/freeipa/ticket/2815
This commit is contained in:
Alexander Bokovoy
committed by
Martin Kosek
Martin Kosek
parent
16ca564b10
commit
68d5fe1ec7
@@ -27,9 +27,6 @@ trust to an Active Directory domain. This requires that the IPA server is
|
||||
already installed and configured.
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR
|
||||
The password to be used by the Directory Server for the Directory Manager user
|
||||
.TP
|
||||
\fB\-d\fR, \fB\-\-debug\fR
|
||||
Enable debug logging when more verbose output is needed
|
||||
.TP
|
||||
|
||||
Reference in New Issue
Block a user