mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
Update available options and descriptions in client man pages
parent 3b4c4acfd2
commit 889cf124d8
@ -24,7 +24,9 @@ ipa\-client\-install [\fIOPTION\fR]...
|
|||||||
.SH "DESCRIPTION"
|
.SH "DESCRIPTION"
|
||||||
Configures a client machine to use IPA for authentication and identity services.
|
Configures a client machine to use IPA for authentication and identity services.
|
||||||
|
|
||||||
This configures PAM and NSS (Name Switching Service) to work with an IPA server over Kerberos and LDAP.
|
By default this configures SSSD to connect to an IPA server for authentication and authorization. Optionally one can instead configure PAM and NSS (Name Switching Service) to work with an IPA server over Kerberos and LDAP.
|
||||||
|
|
||||||
|
An authorized user is required to join a client machine to IPA. This can take the form of a kerberos principal or a one-time password associated with the machine.
|
||||||
.SH "OPTIONS"
|
.SH "OPTIONS"
|
||||||
.TP
|
.TP
|
||||||
\fB\-\-domain\fR=\fIDOMAIN\fR
|
\fB\-\-domain\fR=\fIDOMAIN\fR
|
||||||
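Review bot: In the rewritten DESCRIPTION paragraph, "NSS (Name Switching Service)" carries over the wrong expansion; NSS stands for Name Service Switch. The same sentence says one can "optionally" configure PAM and NSS instead of SSSD without naming the option that selects that path, so it should point to \-\-no\-sssd. The added paragraph about the authorized user also writes "kerberos" in lower case while the paragraph above it uses "Kerberos".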
@ -46,9 +48,28 @@ Print debugging information to stdout
|
|||||||
Unattended installation. The user will not be prompted.
|
Unattended installation. The user will not be prompted.
|
||||||
.TP
|
.TP
|
||||||
\fB\-N\fR, \fB\-\-no\-ntp\fR
|
\fB\-N\fR, \fB\-\-no\-ntp\fR
|
||||||
Do not configure or enable NTP
|
Do not configure or enable NTP.
|
||||||
|
.TP
|
||||||
|
\fB\-S\fR, \fB\-\-no\-sssd\fR
|
||||||
|
Do not configure the client to use SSSD for authentication, use nss_ldap instead.
|
||||||
|
.TP
|
||||||
\fB\-\-on\-master\fB
|
\fB\-\-on\-master\fB
|
||||||
The client is being configured on an IPA server
|
The client is being configured on an IPA server.
|
||||||
|
.TP
|
||||||
|
\fB\-w\fR, \fB\-\-password\fR
|
||||||
|
Password for joining a machine to the IPA realm.
|
||||||
|
.TP
|
||||||
|
\fB\-W\fR
|
||||||
|
Prompt for the password for joining a machine to the IPA realm.
|
||||||
|
.TP
|
||||||
|
\fB\-p\fR, \fB\-\-principal\fR
|
||||||
|
Principal to use to join the IPA realm.
|
||||||
|
.TP
|
||||||
|
\fB\-\-permit\fR
|
||||||
|
Set the SSSD access rules to permit all access. Otherwise the machine will be controlled by the Host-based Access Controls on the IPA server.
|
||||||
|
.TP
|
||||||
|
\fB\-\-uninstall\fR
|
||||||
|
Remove the IPA client software and restore the configuration to the pre-IPA state.
|
||||||
.SH "EXIT STATUS"
|
.SH "EXIT STATUS"
|
||||||
0 if the installation was successful
|
0 if the installation was successful
|
||||||
|
|
||||||
|
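Review bot: The new \-w, \-\-password and \-p, \-\-principal entries show no argument placeholder, unlike \-\-domain=DOMAIN earlier on the page, and the \-w text does not say whether it takes the principal's password or the one-time password that DESCRIPTION mentions. Add the placeholders, state which password is meant, and mention that \-W prompts instead of taking the secret as a command-line argument. The \-\-permit entry should state plainly that Host-based Access Control is not enforced on the host when it is set, and the \-\-on\-master line still ends in \fB where \fR is needed to close the bold.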
@ -20,7 +20,7 @@
|
|||||||
.SH "NAME"
|
.SH "NAME"
|
||||||
ipa\-join \- Join a machine to an IPA realm and get a keytab for the host service principal
|
ipa\-join \- Join a machine to an IPA realm and get a keytab for the host service principal
|
||||||
.SH "SYNOPSIS"
|
.SH "SYNOPSIS"
|
||||||
ipa\-join [ \fB\-h\fR hostname ] [ \fB\-k\fR keytab\-file ] [ \fB\-w\fR bulk\-bind\-password ] [ \fB\-d\fR ] [ \fB\-q\fR ]
|
ipa\-join [ \fB\-h\fR hostname ] [ \fB\-k\fR keytab\-file ] [ \fB\-s\fR server ] [ \fB\-w\fR bulk\-bind\-password ] [ \fB\-d\fR ] [ \fB\-q\fR ]
|
||||||
|
|
||||||
.SH "DESCRIPTION"
|
.SH "DESCRIPTION"
|
||||||
Joins a host to an IPA realm and retrieves a kerberos \fIkeytab\fR for the host service principal.
|
Joins a host to an IPA realm and retrieves a kerberos \fIkeytab\fR for the host service principal.
|
||||||
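Review bot: The SYNOPSIS line gains [ \-s server ] but still calls the \-w argument bulk\-bind\-password, while the OPTIONS section of the same page documents it as "\-w,--bindpw password"; use one term in both places. The synopsis also lists only the short forms even though this commit introduces long forms for every option, so either show them here or keep the synopsis short by design and say so.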
@ -29,19 +29,35 @@ Kerberos keytabs are used for services (like sshd) to perform kerberos authentic
|
|||||||
|
|
||||||
The ipa\-join command will create and retrieve a service principal for host/foo.example.com@EXAMPLE.COM and place it by default into /etc/krb5.keytab. The location can be overridden with the \-k option.
|
The ipa\-join command will create and retrieve a service principal for host/foo.example.com@EXAMPLE.COM and place it by default into /etc/krb5.keytab. The location can be overridden with the \-k option.
|
||||||
|
|
||||||
The IPA server to contact is set in /etc/ipa/default.conf
|
The IPA server to contact is set in /etc/ipa/default.conf by default and can be overridden using the -s,--server option.
|
||||||
|
|
||||||
|
In order to join the machine needs to be authenticated. This can happen in one of two ways:
|
||||||
|
|
||||||
|
* Authenticate using the current kerberos principal
|
||||||
|
|
||||||
|
* Provide a password to authenticate with
|
||||||
|
|
||||||
|
If a client host has already been joined to the IPA realm the ipa-join command will fail. The host will need to be removed from the server using `ipa host-del FQDN` in order to join the client to the realm.
|
||||||
|
|
||||||
|
This command is normally executed by the ipa-client-install command as part of the enrollment process.
|
||||||
.SH "OPTIONS"
|
.SH "OPTIONS"
|
||||||
.TP
|
.TP
|
||||||
\fB\-h hostname\fR
|
\fB\-h,--hostname hostname\fR
|
||||||
The hostname of this server (FQDN). By default of nodename from uname(2) is used.
|
The hostname of this server (FQDN). By default of nodename from uname(2) is used.
|
||||||
.TP
|
.TP
|
||||||
\fB\-k keytab\-file\fR
|
\fB\-s,--server server\fR
|
||||||
|
The hostname of this server (FQDN). By default of nodename from uname(2) is used.
|
||||||
|
.TP
|
||||||
|
\fB\-k,--keytab keytab\-file\fR
|
||||||
The keytab file where to append the new key (will be created if it does not exist). Default: /etc/krb5.keytab
|
The keytab file where to append the new key (will be created if it does not exist). Default: /etc/krb5.keytab
|
||||||
.TP
|
.TP
|
||||||
\fB\-q\fR
|
\fB\-w,--bindpw password\fR
|
||||||
|
The password to use if not using kerberos to authenticate
|
||||||
|
.TP
|
||||||
|
\fB\-q,--quiet\fR
|
||||||
Quiet mode. Only errors are displayed.
|
Quiet mode. Only errors are displayed.
|
||||||
.TP
|
.TP
|
||||||
\fB\-d\fR
|
\fB\-d,--debug\fR
|
||||||
Debug mode.
|
Debug mode.
|
||||||
.SH "EXAMPLES"
|
.SH "EXAMPLES"
|
||||||
Join IPA domain and retrieve a keytab with kerberos credentials.
|
Join IPA domain and retrieve a keytab with kerberos credentials.
|
||||||
|
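Review bot: The new "\-s,--server server" entry reuses the \-h description verbatim ("The hostname of this server (FQDN). By default of nodename from uname(2) is used."), which is wrong for this option. It should describe the IPA server to contact and give /etc/ipa/default.conf as the default, matching the DESCRIPTION text added above. The added option lines also write the long forms with a bare "--" where the rest of these pages use "\-\-", and the "\-w,--bindpw password" entry would benefit from a note that the password is visible on the command line. While here, "By default of nodename" in the \-h entry needs fixing to "By default the nodename".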
@ -54,8 +54,7 @@ the entry from the local keytab.
|
|||||||
The non\-realm part of the full principal name.
|
The non\-realm part of the full principal name.
|
||||||
.TP
|
.TP
|
||||||
\fB\-k keytab\-file\fR
|
\fB\-k keytab\-file\fR
|
||||||
The keytab file where to append the new key (will be
|
The keytab file to append the principal(s) from.
|
||||||
created if it does not exist).
|
|
||||||
.TP
|
.TP
|
||||||
\fB\-r realm\fR
|
\fB\-r realm\fR
|
||||||
A realm to remove all principals for.
|
A realm to remove all principals for.
|
||||||
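Review bot: The replacement text for \-k, "The keytab file to append the principal(s) from.", still says "append", which is left over from the ipa\-getkeytab wording and contradicts what ipa\-rmkeytab does. Suggest "The keytab file to remove the principal(s) from."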
@ -67,13 +66,13 @@ Remove the NFS service principal on the host foo.example.com from /tmp/nfs.keyta
|
|||||||
|
|
||||||
# ipa\-rmkeytab \-p nfs/foo.example.com \-k /tmp/nfs.keytab
|
# ipa\-rmkeytab \-p nfs/foo.example.com \-k /tmp/nfs.keytab
|
||||||
|
|
||||||
Remove the ldap service principal onthe host foo.example.com from /etc/krb5.keytab.
|
Remove the ldap service principal on the host foo.example.com from /etc/krb5.keytab.
|
||||||
|
|
||||||
# ipa\-rmkeytab \-p ldap/foo.example.com \-k /tmp/ldap.keytab
|
# ipa\-rmkeytab \-p ldap/foo.example.com \-k /etc/krb5.keytab
|
||||||
|
|
||||||
Remove all principals for the realm EXAMPLE.COM.
|
Remove all principals for the realm EXAMPLE.COM.
|
||||||
|
|
||||||
# ipa\-rmkeytab \-r EXAMPLE.COM \-k /tmp/ldap.keytab
|
# ipa\-rmkeytab \-r EXAMPLE.COM \-k /etc/krb5.keytab
|
||||||
.SH "EXIT STATUS"
|
.SH "EXIT STATUS"
|
||||||
The exit status is 0 on success, nonzero on error.
|
The exit status is 0 on success, nonzero on error.
|
||||||
|
|
||||||
|
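Review bot: The last example now runs "\-r EXAMPLE.COM" against /etc/krb5.keytab, but its sentence, unlike the two above it, does not name the keytab. Since \-r removes all principals for the realm and /etc/krb5.keytab is where ipa\-join places the host principal by default, the sentence should read "Remove all principals for the realm EXAMPLE.COM from /etc/krb5.keytab." and note that this includes the host key.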