diff --git a/install/tools/man/ipa-dns-install.1 b/install/tools/man/ipa-dns-install.1 index 5871168a4..f6f99c125 100644 --- a/install/tools/man/ipa-dns-install.1 +++ b/install/tools/man/ipa-dns-install.1 @@ -25,24 +25,27 @@ ipa\-dns\-install [\fIOPTION\fR]... Adds DNS as an IPA\-managed service. This requires that the IPA server is already installed and configured. .SH "OPTIONS" .TP -\fB\-p\fR DM_PASSWORD\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR +\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR The password to be used by the Directory Server for the Directory Manager user .TP +\fB\-d\fR, \fB\-\-debug\fR +Enable debug logging when more verbose output is needed +.TP \fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR The IP address of the IPA server. If not provided then this is determined based on the hostname of the server. .TP -\fB\-\-forwarders\fR=\fIFORWARDERS\fR -A forwarder is a DNS server where queries for a specific non\-resolvable address can be directed. To define multiple forwarders use mutliple instances of \fB\-\-forwarders\fR +\fB\-\-forwarder\fR=\fIFORWARDER\fR +A forwarder is a DNS server where queries for a specific non\-resolvable address can be directed. To define multiple forwarders use multiple instances of \fB\-\-forwarder\fR .TP -\fB\-\-noforwarders\fR +\fB\-\-no\-forwarders\fR Do not add any DNS forwarders, send non\-resolvable addresses to the DNS root servers. .TP +\fB\-\-no\-reverse\fR +Do not create reverse DNS zone +.TP \fB\-\-zonemgr\fR The e\-mail address of the DNS zone manager. Defaults too root@host.domain .TP -\fB\-d\fR, \fB\-\-debug\fR -Enable debug logging when more verbose output is needed -.TP \fB\-U\fR, \fB\-\-unattended\fR An unattended installation that will never prompt for user input .SH "EXIT STATUS" diff --git a/install/tools/man/ipa-replica-install.1 b/install/tools/man/ipa-replica-install.1 index a9a217f24..3ee304224 100644 --- a/install/tools/man/ipa-replica-install.1 
+++ b/install/tools/man/ipa-replica-install.1 @@ -27,12 +27,12 @@ Configures a new IPA server that is a replica of the server that generated it. O The replica_file is created using the ipa\-replica\-prepare utility. .SH "OPTIONS" .TP +\fB\-N\fR, \fB\-\-no\-ntp\fR +Do not configure NTP +.TP \fB\-d\fR, \fB\-\-debug Enable debug logging when more verbose output is needed .TP -\fB\-n\fR, \fB\-\-no\-ntp\fR -Do not configure NTP -.TP \fB\-p\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR Directory Manager (existing master) password .TP @@ -49,8 +49,17 @@ the \fB\-\-no\-forwarders\fR option is specified. \fB\-\-no\-forwarders\fR Do not add any DNS forwarders. Root DNS servers will be used instead. .TP +\fB\-\-no\-reverse\fR +Do not create reverse DNS zone +.TP \fB\-\-no\-host\-dns\fR Do not use DNS for hostname lookup during installation +.TP +\fB\-\-no\-pkinit\fR +Disables pkinit setup steps +.TP +\fB\-U\fR, \fB\-\-unattended\fR +An unattended installation that will never prompt for user input .SH "EXIT STATUS" 0 if the command was successful diff --git a/install/tools/man/ipa-replica-manage.1 b/install/tools/man/ipa-replica-manage.1 index 6c243cab6..dba5bc534 100644 --- a/install/tools/man/ipa-replica-manage.1 +++ b/install/tools/man/ipa-replica-manage.1 
@@ -43,19 +43,19 @@ Manages the replication agreements of an IPA server. \- Immediately flush any data to be replicated from a server specified with the --from option .SH "OPTIONS" .TP -\fB\-H HOST\fR, \fB\-\-host\fR=\fIHOST\fR +\fB\-H\fR \fIHOST\fR, \fB\-\-host\fR=\fIHOST\fR The IPA server to manage. The default is the machine on which the command is run Not honoured by the re-initialize command. .TP -\fB\-p DM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR +\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR The Directory Manager password to use for authentication .TP \fB\-v\fR, \fB\-\-verbose\fR Provide additional information .TP -\fB\-\-winsync\fR -Specifies to create/use a Windows Sync Agreement +\fB\-f\fR, \fB\-\-force\fR +Ignore some types of errors .TP \fB\-\-binddn\fR=\fIADMIN_DN\fR Bind DN to use with remote server (default is cn=Directory Manager) \- Be careful to quote this value on the command line @@ -63,6 +63,9 @@ Bind DN to use with remote server (default is cn=Directory Manager) \- Be carefu \fB\-\-bindpw\fR=\fIADMIN_PWD\fR Password for Bind DN to use with remote server (default is the DM_PASSWORD above) .TP +\fB\-\-winsync\fR +Specifies to create/use a Windows Sync Agreement +.TP \fB\-\-cacert\fR=\fI/path/to/cacertfile\fR Full path and filename of CA certificate to use with TLS/SSL to the remote server \- this CA certificate will be installed in the directory server's certificate database .TP diff --git a/install/tools/man/ipa-replica-prepare.1 b/install/tools/man/ipa-replica-prepare.1 index 115c102d6..88da6f4fe 100644 --- a/install/tools/man/ipa-replica-prepare.1 +++ b/install/tools/man/ipa-replica-prepare.1 
@@ -45,8 +45,20 @@ The password of the Directory Server PKCS#12 file \fB\-\-http_pin\fR=\fIHTTP_PIN\fR The password of the Apache Server PKCS#12 file .TP +\fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR +The password of the Apache Server PKCS#12 file +.TP +\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR +Directory Manager (existing master) password +.TP \fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR IP address of the replica server. If you provide this option, the A and PTR records will be added to the DNS. +.TP +\fB\-\-ca\fR=\fICA_FILE\fR +Location of CA PKCS#12 file, default /root/cacert.p12 +.TP +\fB\-\-no\-pkinit\fR +Disables pkinit setup steps .SH "EXIT STATUS" 0 if the command was successful diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index cae821a2f..40d86e70e 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 
@@ -25,22 +25,19 @@ ipa\-server\-install [\fIOPTION\fR]... Configures the services needed by an IPA server. This includes setting up a Kerberos Key Distribution Center (KDC) with an LDAP back\-end, configuring Apache, configuring NTP and starting the ipa_kpasswd service provided by IPA. By default a dogtag\-based CA will be configured to issue server certificates. .SH "OPTIONS" .TP -\fB\-u\fR, \fB\-\-user\fR=\fIDS_USER\fR -The user that the Directory Server will run as -.TP -\fB\-r\fR, \fB\-\-realm\fR=\fIREALM_NAME\fR +\fB\-r\fR \fIREALM_NAME\fR, \fB\-\-realm\fR=\fIREALM_NAME\fR The Kerberos realm name for the IPA server .TP -\fB\-n\fR, \fB\-\-domain\fR=\fIDOMAIN_NAME\fR +\fB\-n\fR \fIDOMAIN_NAME\fR, \fB\-\-domain\fR=\fIDOMAIN_NAME\fR Your DNS domain name .TP -\fB\-p\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR +\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR The password to be used by the Directory Server for the Directory Manager user .TP -\fB\-P\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR +\fB\-P\fR \fIMASTER_PASSWORD\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR The kerberos master password (normally autogenerated) .TP -\fB\-a\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR +\fB\-a\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR The password for the IPA admin user .TP \fB\-d\fR, \fB\-\-debug\fR 
@@ -49,15 +46,21 @@ Enable debug logging when more verbose output is needed \fB\-\-selfsign\fR Configure a self\-signed CA instance for issuing server certificates instead of using dogtag for certificates .TP +\fB\-\-external\-ca\fR +Generate a CSR to be signed by an external CA +.TP +\fB\-\-external_cert_file\fR=\fIFILE\fR +File containing PKCS#10 certificate +.TP +\fB\-\-external_ca_file\fR=\fIFILE\fR +File containing PKCS#10 of the external CA chain +.TP \fB\-\-hostname\fR=\fIHOST_NAME\fR The fully\-qualified DNS name of this server .TP \fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail. .TP -\fB\-U\fR, \fB\-\-unattended\fR -An unattended installation that will never prompt for user input -.TP \fB\-\-setup\-dns\fR Generate a DNS zone if it does not exist already and configure the DNS server. This option requires that you either specify at least one DNS forwarder through @@ -76,17 +79,23 @@ the \fB\-\-no\-forwarders\fR option is specified. \fB\-\-no\-forwarders\fR Do not add any DNS forwarders. Root DNS servers will be used instead. .TP +\fB\-\-no\-reverse\fR +Do not create reverse DNS zone +.TP \fB\-\-zonemgr\fR The e\-mail address of the DNS zone manager. Defaults to root@host.domain .TP -\fB\-\-no\-host\-dns\fR -Do not use DNS for hostname lookup during installation +\fB\-U\fR, \fB\-\-unattended\fR +An unattended installation that will never prompt for user input +.TP +\fB\-\-uninstall\fR +Uninstall an existing IPA installation .TP \fB\-N\fR, \fB\-\-no\-ntp\fR Do not configure NTP .TP -\fB\-\-uninstall\fR -Uninstall an existing IPA installation +\fB\-\-no\-pkinit\fR +Disables pkinit setup steps .TP \fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR PKCS#12 file containing the Directory Server SSL Certificate 
@@ -94,12 +103,21 @@ PKCS#12 file containing the Directory Server SSL Certificate \fB\-\-http_pkcs12\fR=\fIFILE\fR PKCS#12 file containing the Apache Server SSL Certificate .TP +\fB\-\-pkinit_pkcs12\fR=\fIFILE\fR +PKCS#12 file containing the Kerberos KDC SSL certificate +.TP \fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR The password of the Directory Server PKCS#12 file .TP \fB\-\-http_pin\fR=\fIHTTP_PIN\fR The password of the Apache Server PKCS#12 file .TP +\fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR +The password of the Kerberos KDC PKCS#12 file +.TP +\fB\-\-no\-host\-dns\fR +Do not use DNS for hostname lookup during installation +.TP \fB\-\-idstart\fR=\fIIDSTART\fR The starting user and group id number (default random) .TP diff --git a/ipa-client/man/ipa-client-install.1 b/ipa-client/man/ipa-client-install.1 index 07f08ed24..40d53a872 100644 --- a/ipa-client/man/ipa-client-install.1 +++ b/ipa-client/man/ipa-client-install.1 @@ -40,9 +40,6 @@ Set the IPA server to connect to \fB\-\-realm\fR=\fIREALM_NAME\fR Set the IPA realm name to REALM_NAME .TP -\fB\-\-hostname\fR -The hostname of this server (FQDN). By default of nodename from uname(2) is used. -.TP \fB\-f\fR, \fB\-\-force\fR Force the settings even if errors occur .TP @@ -52,15 +49,15 @@ Print debugging information to stdout \fB\-U\fR, \fB\-\-unattended\fR Unattended installation. The user will not be prompted. .TP -\fB\-N\fR, \fB\-\-no\-ntp\fR -Do not configure or enable NTP. -.TP \fB\-\-ntp\-server\fR=\fINTP_SERVER\fR Configure ntpd to use this NTP server. .TP \fB\-S\fR, \fB\-\-no\-sssd\fR Do not configure the client to use SSSD for authentication, use nss_ldap instead. .TP +\fB\-N\fR, \fB\-\-no\-ntp\fR +Do not configure or enable NTP. +.TP \fB\-w\fR \fIPASSWORD\fR, \fB\-\-password\fR=\fIPASSWORD\fR Password for joining a machine to the IPA realm. Assumes bulk password unless principal is also set. .TP 
@@ -74,11 +71,14 @@ Authorized kerberos principal to use to join the IPA realm. Configure SSSD to permit all access. Otherwise the machine will be controlled by the Host\-based Access Controls (HBAC) on the IPA server. .TP \fB\-\-mkhomedir\fR -Configure pam to create a users home directory if it does not exist. +Configure PAM to create a users home directory if it does not exist. .TP \fB\-\-uninstall\fR Remove the IPA client software and restore the configuration to the pre\-IPA state. .TP +\fB\-\-hostname\fR +The hostname of this server (FQDN). By default of nodename from uname(2) is used. +.TP \fB\-\-enable\-dns\-updates\fR This option tells SSSD to automatically update DNS with the IP address of this client. .SH "EXIT STATUS"
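
Review bot: In install/tools/man/ipa-dns-install.1 (hunk @@ -25,24 +25,27 @@), the "--zonemgr" entry kept as context still reads "Defaults too root@host.domain". This hunk already corrects "mutliple" a few lines earlier, so fix "too" to "to" in the same pass; the ipa-server-install.1 copy of this sentence has it right. The entry also shows "\fB\-\-zonemgr\fR" with no argument placeholder although its description says it takes an e-mail address.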
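
Review bot: In install/tools/man/ipa-replica-install.1 (hunk @@ -27,12 +27,12 @@), the debug entry left as context is "\fB\-d\fR, \fB\-\-debug" with no closing "\fR", so bold is never switched off before the description line. Add the missing "\fR" while reordering the entries around it. The short option for --no-ntp changes from -n to -N here, which lines up with the -N shown in ipa-server-install.1; say in the commit message that this matches the option parser rather than being a rename.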
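
Review bot: In install/tools/man/ipa-replica-install.1 (hunk @@ -49,8 +49,17 @@), "Disables pkinit setup steps" for --no-pkinit breaks the imperative "Do not ..." form used by the neighbouring --no-forwarders, --no-reverse and --no-host-dns entries, and writes PKINIT in lower case. Suggest "Do not configure PKINIT" or similar. The same sentence is added in the ipa-replica-prepare.1 and ipa-server-install.1 hunks and should change with it.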
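
Review bot: In install/tools/man/ipa-replica-manage.1 (hunk @@ -43,19 +43,19 @@), the new "-f, --force" text "Ignore some types of errors" does not tell an administrator which errors are skipped. For a tool that manages replication agreements, name the classes of error that --force overrides, or at least the commands that honour it. In the -H entry above it, the context sentence "The default is the machine on which the command is run Not honoured by the re-initialize command." is missing a full stop after "run".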
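
Review bot: In install/tools/man/ipa-replica-prepare.1 (hunk @@ -45,8 +45,20 @@), the description added for "--pkinit_pin" is "The password of the Apache Server PKCS#12 file", identical to the "--http_pin" line directly above it. It should refer to the Kerberos KDC PKCS#12 file, as the same option does in the ipa-server-install.1 hunk of this patch.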
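
Review bot: In install/tools/man/ipa-server-install.1 (hunk @@ -49,15 +46,21 @@), the "--external_cert_file" and "--external_ca_file" descriptions call both files "PKCS#10", but PKCS#10 is the certificate request format, that is, the CSR that "--external-ca" generates. The signed certificate and the external CA chain that come back are not PKCS#10 objects. State the encoding the installer actually accepts for these two files so that an operator does not hand it the CSR by mistake.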
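
Review bot: In ipa-client/man/ipa-client-install.1 (hunk @@ -74,11 +71,14 @@), the "--hostname" entry re-added at the end carries over "By default of nodename from uname(2) is used", which is ungrammatical, and says "this server" in the client man page. Reword it while moving it, for example "By default the nodename from uname(2) is used", and give the option an argument placeholder like the other value-taking options. The touched --mkhomedir line still has "a users home directory", which should be "a user's".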