mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-27 00:26:33 -06:00
Improve man pages structure
There are too many options in ipa-*-install scripts which makes it difficult to read. This patch adds subsections to install script online help and man pages to improve readability. No option has been changed. To further improve man pages: 1) All man pages were changed to have the same header and top-center title to provide united look. 2) Few typos in man pages have been fixed https://fedorahosted.org/freeipa/ticket/1687
This commit is contained in:
parent
9cd76c5bf9
commit
dc3d0f3879
@ -23,6 +23,7 @@ import socket
|
||||
|
||||
import os, pwd, traceback, logging, shutil
|
||||
import grp
|
||||
from optparse import OptionGroup
|
||||
|
||||
from ipapython import ipautil
|
||||
|
||||
@ -45,36 +46,45 @@ REPLICA_INFO_TOP_DIR=None
|
||||
def parse_options():
|
||||
usage = "%prog [options] REPLICA_FILE"
|
||||
parser = IPAOptionParser(usage=usage, version=version.VERSION)
|
||||
parser.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
|
||||
help="do not configure ntp", default=True)
|
||||
parser.add_option("-d", "--debug", dest="debug", action="store_true",
|
||||
default=False, help="gather extra debugging information")
|
||||
parser.add_option("-p", "--password", dest="password", sensitive=True,
|
||||
|
||||
basic_group = OptionGroup(parser, "basic options")
|
||||
basic_group.add_option("--setup-ca", dest="setup_ca", action="store_true",
|
||||
default=False, help="configure a dogtag CA")
|
||||
basic_group.add_option("-p", "--password", dest="password", sensitive=True,
|
||||
help="Directory Manager (existing master) password")
|
||||
parser.add_option("-w", "--admin-password", dest="admin_password", sensitive=True,
|
||||
basic_group.add_option("-w", "--admin-password", dest="admin_password", sensitive=True,
|
||||
help="Admin user Kerberos password used for connection check")
|
||||
parser.add_option("--setup-dns", dest="setup_dns", action="store_true",
|
||||
basic_group.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
|
||||
help="do not configure ntp", default=True)
|
||||
basic_group.add_option("--no-ui-redirect", dest="ui_redirect", action="store_false",
|
||||
default=True, help="Do not automatically redirect to the Web UI")
|
||||
basic_group.add_option("--skip-conncheck", dest="skip_conncheck", action="store_true",
|
||||
default=False, help="skip connection check to remote master")
|
||||
basic_group.add_option("-d", "--debug", dest="debug", action="store_true",
|
||||
default=False, help="gather extra debugging information")
|
||||
basic_group.add_option("-U", "--unattended", dest="unattended", action="store_true",
|
||||
default=False, help="unattended installation never prompts the user")
|
||||
parser.add_option_group(basic_group)
|
||||
|
||||
cert_group = OptionGroup(parser, "certificate system options")
|
||||
cert_group.add_option("--no-pkinit", dest="setup_pkinit", action="store_false",
|
||||
default=True, help="disables pkinit setup steps")
|
||||
parser.add_option_group(cert_group)
|
||||
|
||||
dns_group = OptionGroup(parser, "DNS options")
|
||||
dns_group.add_option("--setup-dns", dest="setup_dns", action="store_true",
|
||||
default=False, help="configure bind with our zone")
|
||||
parser.add_option("--forwarder", dest="forwarders", action="append",
|
||||
dns_group.add_option("--forwarder", dest="forwarders", action="append",
|
||||
type="ip", help="Add a DNS forwarder")
|
||||
parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
|
||||
dns_group.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
|
||||
default=False, help="Do not add any DNS forwarders, use root servers instead")
|
||||
parser.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use")
|
||||
parser.add_option("--no-reverse", dest="no_reverse", action="store_true",
|
||||
dns_group.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use")
|
||||
dns_group.add_option("--no-reverse", dest="no_reverse", action="store_true",
|
||||
default=False, help="Do not create reverse DNS zone")
|
||||
parser.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
|
||||
dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
|
||||
default=False,
|
||||
help="Do not use DNS for hostname lookup during installation")
|
||||
parser.add_option("--no-pkinit", dest="setup_pkinit", action="store_false",
|
||||
default=True, help="disables pkinit setup steps")
|
||||
parser.add_option("--no-ui-redirect", dest="ui_redirect", action="store_false",
|
||||
default=True, help="Do not automatically redirect to the Web UI")
|
||||
parser.add_option("--skip-conncheck", dest="skip_conncheck", action="store_true",
|
||||
default=False, help="skip connection check to remote master")
|
||||
parser.add_option("--setup-ca", dest="setup_ca", action="store_true",
|
||||
default=False, help="configure a dogtag CA")
|
||||
parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
|
||||
default=False, help="unattended installation never prompts the user")
|
||||
parser.add_option_group(dns_group)
|
||||
|
||||
options, args = parser.parse_args()
|
||||
safe_options = parser.get_safe_opts(options)
|
||||
|
@ -40,6 +40,7 @@ from ConfigParser import RawConfigParser
|
||||
import random
|
||||
import tempfile
|
||||
import nss.error
|
||||
from optparse import OptionGroup
|
||||
|
||||
from ipaserver.install import dsinstance
|
||||
from ipaserver.install import krbinstance
|
||||
@ -103,88 +104,101 @@ def parse_options():
|
||||
# Guaranteed to give a random 200k range below the 2G mark (uint32_t limit)
|
||||
namespace = random.randint(1, 10000) * 200000
|
||||
parser = IPAOptionParser(version=version.VERSION)
|
||||
parser.add_option("-r", "--realm", dest="realm_name",
|
||||
|
||||
basic_group = OptionGroup(parser, "basic options")
|
||||
basic_group.add_option("-r", "--realm", dest="realm_name",
|
||||
help="realm name")
|
||||
parser.add_option("-n", "--domain", dest="domain_name",
|
||||
basic_group.add_option("-n", "--domain", dest="domain_name",
|
||||
help="domain name")
|
||||
parser.add_option("-p", "--ds-password", dest="dm_password",
|
||||
basic_group.add_option("-p", "--ds-password", dest="dm_password",
|
||||
sensitive=True, help="admin password")
|
||||
parser.add_option("-P", "--master-password",
|
||||
basic_group.add_option("-P", "--master-password",
|
||||
dest="master_password", sensitive=True,
|
||||
help="kerberos master password (normally autogenerated)")
|
||||
parser.add_option("-a", "--admin-password",
|
||||
basic_group.add_option("-a", "--admin-password",
|
||||
sensitive=True, dest="admin_password",
|
||||
help="admin user kerberos password")
|
||||
parser.add_option("-d", "--debug", dest="debug", action="store_true",
|
||||
default=False, help="print debugging information")
|
||||
parser.add_option("", "--selfsign", dest="selfsign", action="store_true",
|
||||
default=False, help="Configure a self-signed CA instance rather than a dogtag CA")
|
||||
parser.add_option("", "--external-ca", dest="external_ca", action="store_true",
|
||||
default=False, help="Generate a CSR to be signed by an external CA")
|
||||
parser.add_option("", "--external_cert_file", dest="external_cert_file",
|
||||
help="File containing PKCS#10 certificate")
|
||||
parser.add_option("", "--external_ca_file", dest="external_ca_file",
|
||||
help="File containing PKCS#10 of the external CA chain")
|
||||
parser.add_option("--hostname", dest="host_name", help="fully qualified name of server")
|
||||
parser.add_option("--ip-address", dest="ip_address",
|
||||
basic_group.add_option("--hostname", dest="host_name", help="fully qualified name of server")
|
||||
basic_group.add_option("--ip-address", dest="ip_address",
|
||||
type="ip", ip_local=True,
|
||||
help="Master Server IP Address")
|
||||
parser.add_option("--setup-dns", dest="setup_dns", action="store_true",
|
||||
basic_group.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
|
||||
help="do not configure ntp", default=True)
|
||||
basic_group.add_option("--idstart", dest="idstart", default=namespace, type=int,
|
||||
help="The starting value for the IDs range (default random)")
|
||||
basic_group.add_option("--idmax", dest="idmax", default=0, type=int,
|
||||
help="The max value value for the IDs range (default: idstart+199999)")
|
||||
basic_group.add_option("--no_hbac_allow", dest="hbac_allow", default=False,
|
||||
action="store_true",
|
||||
help="Don't install allow_all HBAC rule")
|
||||
basic_group.add_option("--no-ui-redirect", dest="ui_redirect", action="store_false",
|
||||
default=True, help="Do not automatically redirect to the Web UI")
|
||||
basic_group.add_option("-d", "--debug", dest="debug", action="store_true",
|
||||
default=False, help="print debugging information")
|
||||
basic_group.add_option("-U", "--unattended", dest="unattended", action="store_true",
|
||||
default=False, help="unattended (un)installation never prompts the user")
|
||||
parser.add_option_group(basic_group)
|
||||
|
||||
cert_group = OptionGroup(parser, "certificate system options")
|
||||
cert_group.add_option("", "--selfsign", dest="selfsign", action="store_true",
|
||||
default=False, help="Configure a self-signed CA instance rather than a dogtag CA")
|
||||
cert_group.add_option("", "--external-ca", dest="external_ca", action="store_true",
|
||||
default=False, help="Generate a CSR to be signed by an external CA")
|
||||
cert_group.add_option("", "--external_cert_file", dest="external_cert_file",
|
||||
help="File containing PKCS#10 certificate")
|
||||
cert_group.add_option("", "--external_ca_file", dest="external_ca_file",
|
||||
help="File containing PKCS#10 of the external CA chain")
|
||||
cert_group.add_option("--no-pkinit", dest="setup_pkinit", action="store_false",
|
||||
default=True, help="disables pkinit setup steps")
|
||||
cert_group.add_option("--dirsrv_pkcs12", dest="dirsrv_pkcs12",
|
||||
help="PKCS#12 file containing the Directory Server SSL certificate")
|
||||
cert_group.add_option("--http_pkcs12", dest="http_pkcs12",
|
||||
help="PKCS#12 file containing the Apache Server SSL certificate")
|
||||
cert_group.add_option("--pkinit_pkcs12", dest="pkinit_pkcs12",
|
||||
help="PKCS#12 file containing the Kerberos KDC SSL certificate")
|
||||
cert_group.add_option("--dirsrv_pin", dest="dirsrv_pin", sensitive=True,
|
||||
help="The password of the Directory Server PKCS#12 file")
|
||||
cert_group.add_option("--http_pin", dest="http_pin", sensitive=True,
|
||||
help="The password of the Apache Server PKCS#12 file")
|
||||
cert_group.add_option("--pkinit_pin", dest="pkinit_pin",
|
||||
help="The password of the Kerberos KDC PKCS#12 file")
|
||||
cert_group.add_option("--subject", action="callback", callback=subject_callback,
|
||||
type="string",
|
||||
help="The certificate subject base (default O=<realm-name>)")
|
||||
parser.add_option_group(cert_group)
|
||||
|
||||
dns_group = OptionGroup(parser, "DNS options")
|
||||
dns_group.add_option("--setup-dns", dest="setup_dns", action="store_true",
|
||||
default=False, help="configure bind with our zone")
|
||||
parser.add_option("--forwarder", dest="forwarders", action="append",
|
||||
dns_group.add_option("--forwarder", dest="forwarders", action="append",
|
||||
type="ip", help="Add a DNS forwarder")
|
||||
parser.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
|
||||
dns_group.add_option("--no-forwarders", dest="no_forwarders", action="store_true",
|
||||
default=False, help="Do not add any DNS forwarders, use root servers instead")
|
||||
parser.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use")
|
||||
parser.add_option("--no-reverse", dest="no_reverse", action="store_true",
|
||||
dns_group.add_option("--reverse-zone", dest="reverse_zone", help="The reverse DNS zone to use")
|
||||
dns_group.add_option("--no-reverse", dest="no_reverse", action="store_true",
|
||||
default=False, help="Do not create reverse DNS zone")
|
||||
parser.add_option("--zonemgr", action="callback", callback=zonemgr_callback,
|
||||
dns_group.add_option("--zonemgr", action="callback", callback=zonemgr_callback,
|
||||
type="string",
|
||||
help="DNS zone manager e-mail address. Defaults to root")
|
||||
parser.add_option("--zone-notif", dest="zone_notif",
|
||||
dns_group.add_option("--zone-notif", dest="zone_notif",
|
||||
action="store_true", default=False,
|
||||
help="Let name server receive notification when a new zone is added." \
|
||||
"Zone refresh is turned off when zone notification is enabled")
|
||||
parser.add_option("--zone-refresh", dest="zone_refresh",
|
||||
dns_group.add_option("--zone-refresh", dest="zone_refresh",
|
||||
default=DNS_ZONE_REFRESH, type="int",
|
||||
help="A delay between checks for new DNS zones. Defaults to %d" \
|
||||
% DNS_ZONE_REFRESH)
|
||||
parser.add_option("-U", "--unattended", dest="unattended", action="store_true",
|
||||
default=False, help="unattended installation never prompts the user")
|
||||
parser.add_option("", "--uninstall", dest="uninstall", action="store_true",
|
||||
default=False, help="uninstall an existing installation")
|
||||
parser.add_option("-N", "--no-ntp", dest="conf_ntp", action="store_false",
|
||||
help="do not configure ntp", default=True)
|
||||
parser.add_option("--no-pkinit", dest="setup_pkinit", action="store_false",
|
||||
default=True, help="disables pkinit setup steps")
|
||||
parser.add_option("--dirsrv_pkcs12", dest="dirsrv_pkcs12",
|
||||
help="PKCS#12 file containing the Directory Server SSL certificate")
|
||||
parser.add_option("--http_pkcs12", dest="http_pkcs12",
|
||||
help="PKCS#12 file containing the Apache Server SSL certificate")
|
||||
parser.add_option("--pkinit_pkcs12", dest="pkinit_pkcs12",
|
||||
help="PKCS#12 file containing the Kerberos KDC SSL certificate")
|
||||
parser.add_option("--dirsrv_pin", dest="dirsrv_pin", sensitive=True,
|
||||
help="The password of the Directory Server PKCS#12 file")
|
||||
parser.add_option("--http_pin", dest="http_pin", sensitive=True,
|
||||
help="The password of the Apache Server PKCS#12 file")
|
||||
parser.add_option("--pkinit_pin", dest="pkinit_pin",
|
||||
help="The password of the Kerberos KDC PKCS#12 file")
|
||||
parser.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
|
||||
dns_group.add_option("--no-host-dns", dest="no_host_dns", action="store_true",
|
||||
default=False,
|
||||
help="Do not use DNS for hostname lookup during installation")
|
||||
parser.add_option_group(dns_group)
|
||||
|
||||
uninstall_group = OptionGroup(parser, "uninstall options")
|
||||
uninstall_group.add_option("", "--uninstall", dest="uninstall", action="store_true",
|
||||
default=False, help="uninstall an existing installation. The uninstall can " \
|
||||
"be run with --unattended option")
|
||||
parser.add_option_group(uninstall_group)
|
||||
|
||||
parser.add_option("--idstart", dest="idstart", default=namespace, type=int,
|
||||
help="The starting value for the IDs range (default random)")
|
||||
parser.add_option("--idmax", dest="idmax", default=0, type=int,
|
||||
help="The max value value for the IDs range (default: idstart+199999)")
|
||||
parser.add_option("--subject", action="callback", callback=subject_callback,
|
||||
type="string",
|
||||
help="The certificate subject base (default O=<realm-name>)")
|
||||
parser.add_option("--no_hbac_allow", dest="hbac_allow", default=False,
|
||||
action="store_true",
|
||||
help="Don't install allow_all HBAC rule")
|
||||
parser.add_option("--no-ui-redirect", dest="ui_redirect", action="store_false",
|
||||
default=True, help="Do not automatically redirect to the Web UI")
|
||||
options, args = parser.parse_args()
|
||||
safe_options = parser.get_safe_opts(options)
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-ca-install" "1" "Jun 17 2011" "freeipa" ""
|
||||
.TH "ipa-ca-install" "1" "Jun 17 2011" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-ca\-install \- Install a CA on a replica
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Simo Sorce <ssorce@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-compat-manage" "1" "Dec 2 2008" "freeipa" ""
|
||||
.TH "ipa-compat-manage" "1" "Dec 2 2008" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-compat\-manage \- Enables or disables the schema compatibility plugin
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-compliance" "1" "Dec 14 2010" "freeipa" ""
|
||||
.TH "ipa-compliance" "1" "Dec 14 2010" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-compliance \- Check entitlement compliance
|
||||
.SH "SYNOPSIS"
|
||||
@ -35,7 +35,7 @@ The command logs to syslog and if run from a tty will log to the terminal as wel
|
||||
The IPA server provides 25 entitlements of its own.
|
||||
.SH "OPTIONS"
|
||||
.TP
|
||||
\fB\-\-\-debug\fR
|
||||
\fB\-\-debug\fR
|
||||
Enable debugging output in the command
|
||||
.SH "EXIT STATUS"
|
||||
0 if the command was successful
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-csreplica-manage" "1" "Jul 14 2011" "freeipa" ""
|
||||
.TH "ipa-csreplica-manage" "1" "Jul 14 2011" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-csreplica\-manage \- Manage an IPA CS replica
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-dns-install" "1" "Sep 9, 2010" "freeipa" ""
|
||||
.TH "ipa-dns-install" "1" "Sep 9, 2010" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-dns\-install \- Add DNS as a service to an IPA server
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Jr Aquino <jr.aquino@citrix.com>
|
||||
.\"
|
||||
.TH "ipa-host-net-manage" "1" "Dec 2 2010" "freeipa" ""
|
||||
.TH "ipa-host-net-manage" "1" "Dec 2 2010" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-host\-net\-manage \- Enables or disables the schema Managed Entry Hostgroup -to- Netgroup plugin
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-ldap-updater" "1" "Sep 12 2008" "freeipa" ""
|
||||
.TH "ipa-ldap-updater" "1" "Sep 12 2008" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-ldap\-updater \- Update the IPA LDAP configuration
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-nis-manage" "1" "May 6 2009" "freeipa" ""
|
||||
.TH "ipa-nis-manage" "1" "May 6 2009" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-nis\-manage \- Enables or disables the NIS listener plugin
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Martin Kosek <mkosek@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-replica-conncheck" "1" "Jun 2 2011" "freeipa" ""
|
||||
.TH "ipa-replica-conncheck" "1" "Jun 2 2011" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-replica\-conncheck \- Check a replica\-master network connection before installation
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-replica-install" "1" "Mar 14 2008" "freeipa" ""
|
||||
.TH "ipa-replica-install" "1" "Sep 5 2011" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-replica\-install \- Create an IPA replica
|
||||
.SH "SYNOPSIS"
|
||||
@ -26,12 +26,11 @@ Configures a new IPA server that is a replica of the server that generated it. O
|
||||
|
||||
The replica_file is created using the ipa\-replica\-prepare utility.
|
||||
.SH "OPTIONS"
|
||||
.SS "BASIC OPTIONS"
|
||||
.TP
|
||||
\fB\-N\fR, \fB\-\-no\-ntp\fR
|
||||
Do not configure NTP
|
||||
.TP
|
||||
\fB\-d\fR, \fB\-\-debug
|
||||
Enable debug logging when more verbose output is needed
|
||||
\fB\-\-setup\-ca\fR
|
||||
Install and configure a CA on this replica. If a CA is not configured then
|
||||
certificate operations will be forwarded to a master with a CA installed.
|
||||
.TP
|
||||
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
|
||||
Directory Manager (existing master) password
|
||||
@ -39,9 +38,27 @@ Directory Manager (existing master) password
|
||||
\fB\-w\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR
|
||||
Admin user Kerberos password used for connection check
|
||||
.TP
|
||||
\fB\-\-setup\-ca\fR
|
||||
Install and configure a CA on this replica. If a CA is not configured then
|
||||
certificate operations will be forwarded to a master with a CA installed.
|
||||
\fB\-N\fR, \fB\-\-no\-ntp\fR
|
||||
Do not configure NTP
|
||||
.TP
|
||||
\fB\-\-no\-ui\-redirect\fR
|
||||
Do not automatically redirect to the Web UI.
|
||||
.TP
|
||||
\fB\-\-skip\-conncheck\fR
|
||||
Skip connection check to remote master
|
||||
.TP
|
||||
\fB\-d\fR, \fB\-\-debug
|
||||
Enable debug logging when more verbose output is needed
|
||||
.TP
|
||||
\fB\-U\fR, \fB\-\-unattended\fR
|
||||
An unattended installation that will never prompt for user input
|
||||
|
||||
.SS "CERTIFICATE SYSTEM OPTIONS"
|
||||
.TP
|
||||
\fB\-\-no\-pkinit\fR
|
||||
Disables pkinit setup steps
|
||||
|
||||
.SS "DNS OPTIONS"
|
||||
.TP
|
||||
\fB\-\-setup\-dns\fR
|
||||
Generate a DNS zone if it does not exist already and configure the DNS server.
|
||||
@ -64,18 +81,7 @@ Do not create reverse DNS zone
|
||||
.TP
|
||||
\fB\-\-no\-host\-dns\fR
|
||||
Do not use DNS for hostname lookup during installation
|
||||
.TP
|
||||
\fB\-\-no\-pkinit\fR
|
||||
Disables pkinit setup steps
|
||||
.TP
|
||||
\fB\-\-no\-ui\-redirect\fR
|
||||
Do not automatically redirect to the Web UI.
|
||||
.TP
|
||||
\fB\-\-skip\-conncheck\fR
|
||||
Skip connection check to remote master
|
||||
.TP
|
||||
\fB\-U\fR, \fB\-\-unattended\fR
|
||||
An unattended installation that will never prompt for user input
|
||||
|
||||
.SH "EXIT STATUS"
|
||||
0 if the command was successful
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-replica-manage" "1" "Mar 14 2008" "freeipa" ""
|
||||
.TH "ipa-replica-manage" "1" "Mar 14 2008" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-replica\-manage \- Manage an IPA replica
|
||||
.SH "SYNOPSIS"
|
||||
@ -114,4 +114,5 @@ Completely remove a replica:
|
||||
Using connect/disconnect you can manage the replication topology.
|
||||
.SH "EXIT STATUS"
|
||||
0 if the command was successful
|
||||
1 if an error occurred
|
||||
|
||||
1 if an error occurred
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-replica-prepare" "1" "Mar 14 2008" "freeipa" ""
|
||||
.TH "ipa-replica-prepare" "1" "Mar 14 2008" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-replica\-prepare \- Create an IPA replica file
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-server-certinstall" "1" "Mar 14 2008" "freeipa" ""
|
||||
.TH "ipa-server-certinstall" "1" "Mar 14 2008" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-server\-certinstall \- Install new SSL server certificates
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -16,14 +16,16 @@
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-server-install" "1" "Mar 14 2008" "freeipa" ""
|
||||
.TH "ipa-server-install" "1" "Sep 5 2011" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-server\-install \- Configure an IPA server
|
||||
.SH "SYNOPSIS"
|
||||
ipa\-server\-install [\fIOPTION\fR]...
|
||||
.SH "DESCRIPTION"
|
||||
Configures the services needed by an IPA server. This includes setting up a Kerberos Key Distribution Center (KDC) and a Kadmin daemon with an LDAP back\-end, configuring Apache, configuring NTP and optionally configuring and starting an LDAP-backed DNS server. By default a dogtag\-based CA will be configured to issue server certificates.
|
||||
|
||||
.SH "OPTIONS"
|
||||
.SS "BASIC OPTIONS"
|
||||
.TP
|
||||
\fB\-r\fR \fIREALM_NAME\fR, \fB\-\-realm\fR=\fIREALM_NAME\fR
|
||||
The Kerberos realm name for the IPA server
|
||||
@ -40,9 +42,36 @@ The kerberos master password (normally autogenerated)
|
||||
\fB\-a\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR
|
||||
The password for the IPA admin user
|
||||
.TP
|
||||
\fB\-\-hostname\fR=\fIHOST_NAME\fR
|
||||
The fully\-qualified DNS name of this server
|
||||
.TP
|
||||
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
|
||||
The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail.
|
||||
.TP
|
||||
\fB\-N\fR, \fB\-\-no\-ntp\fR
|
||||
Do not configure NTP
|
||||
.TP
|
||||
\fB\-\-idstart\fR=\fIIDSTART\fR
|
||||
The starting user and group id number (default random)
|
||||
.TP
|
||||
\fB\-\-idmax\fR=\fIIDMAX\fR
|
||||
The maximum user and group id number (default: idstart+199999). If set to zero, the default value will be used.
|
||||
.TP
|
||||
\fB\-\-no_hbac_allow\fR
|
||||
Don't install allow_all HBAC rule. This rule lets any user from any host access any service on any other host. It is expected that users will remove this rule before moving to production.
|
||||
.TP
|
||||
\fB\-\-no\-ui\-redirect\fR
|
||||
Do not automatically redirect to the Web UI.
|
||||
.TP
|
||||
\fB\-d\fR, \fB\-\-debug\fR
|
||||
Enable debug logging when more verbose output is needed
|
||||
.TP
|
||||
\fB\-U\fR, \fB\-\-unattended\fR
|
||||
An unattended installation that will never prompt for user input
|
||||
|
||||
|
||||
.SS "CERTIFICATE SYSTEM OPTIONS"
|
||||
.TP
|
||||
\fB\-\-selfsign\fR
|
||||
Configure a self\-signed CA instance for issuing server certificates instead of using dogtag for certificates
|
||||
.TP
|
||||
@ -55,11 +84,31 @@ File containing PKCS#10 certificate
|
||||
\fB\-\-external_ca_file\fR=\fIFILE\fR
|
||||
File containing PKCS#10 of the external CA chain
|
||||
.TP
|
||||
\fB\-\-hostname\fR=\fIHOST_NAME\fR
|
||||
The fully\-qualified DNS name of this server
|
||||
\fB\-\-no\-pkinit\fR
|
||||
Disables pkinit setup steps
|
||||
.TP
|
||||
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
|
||||
The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail.
|
||||
\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR
|
||||
PKCS#12 file containing the Directory Server SSL Certificate
|
||||
.TP
|
||||
\fB\-\-http_pkcs12\fR=\fIFILE\fR
|
||||
PKCS#12 file containing the Apache Server SSL Certificate
|
||||
.TP
|
||||
\fB\-\-pkinit_pkcs12\fR=\fIFILE\fR
|
||||
PKCS#12 file containing the Kerberos KDC SSL certificate
|
||||
.TP
|
||||
\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR
|
||||
The password of the Directory Server PKCS#12 file
|
||||
.TP
|
||||
\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
|
||||
The password of the Apache Server PKCS#12 file
|
||||
.TP
|
||||
\fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR
|
||||
The password of the Kerberos KDC PKCS#12 file
|
||||
.TP
|
||||
\fB\-\-subject\fR=\fISUBJECT\fR
|
||||
The certificate subject base (default O=REALM.NAME)
|
||||
|
||||
.SS "DNS OPTIONS"
|
||||
.TP
|
||||
\fB\-\-setup\-dns\fR
|
||||
Generate a DNS zone if it does not exist already and configure the DNS server.
|
||||
@ -94,57 +143,21 @@ Let name server receive notifications when a new zone is added. New zone is then
|
||||
\fB\-\-zone\-refresh=\fIZONE_REFRESH\fR
|
||||
Number of seconds between regular checks for new DNS zones. When set to 0 the name server does not check for new zones and it needs to be reloaded when a new DNS zone is added.
|
||||
.TP
|
||||
\fB\-U\fR, \fB\-\-unattended\fR
|
||||
An unattended installation that will never prompt for user input
|
||||
\fB\-\-no\-host\-dns\fR
|
||||
Do not use DNS for hostname lookup during installation
|
||||
|
||||
.SS "UNINSTALL OPTIONS"
|
||||
.TP
|
||||
\fB\-\-uninstall\fR
|
||||
Uninstall an existing IPA installation
|
||||
.TP
|
||||
\fB\-N\fR, \fB\-\-no\-ntp\fR
|
||||
Do not configure NTP
|
||||
.TP
|
||||
\fB\-\-no\-pkinit\fR
|
||||
Disables pkinit setup steps
|
||||
.TP
|
||||
\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR
|
||||
PKCS#12 file containing the Directory Server SSL Certificate
|
||||
.TP
|
||||
\fB\-\-http_pkcs12\fR=\fIFILE\fR
|
||||
PKCS#12 file containing the Apache Server SSL Certificate
|
||||
.TP
|
||||
\fB\-\-pkinit_pkcs12\fR=\fIFILE\fR
|
||||
PKCS#12 file containing the Kerberos KDC SSL certificate
|
||||
.TP
|
||||
\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR
|
||||
The password of the Directory Server PKCS#12 file
|
||||
.TP
|
||||
\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
|
||||
The password of the Apache Server PKCS#12 file
|
||||
.TP
|
||||
\fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR
|
||||
The password of the Kerberos KDC PKCS#12 file
|
||||
.TP
|
||||
\fB\-\-no\-host\-dns\fR
|
||||
Do not use DNS for hostname lookup during installation
|
||||
.TP
|
||||
\fB\-\-idstart\fR=\fIIDSTART\fR
|
||||
The starting user and group id number (default random)
|
||||
.TP
|
||||
\fB\-\-idmax\fR=\fIIDMAX\fR
|
||||
The maximum user and group id number (default: idstart+199999). If set to zero, the default value will be used.
|
||||
.TP
|
||||
\fB\-\-subject\fR=\fISUBJECT\fR
|
||||
The certificate subject base (default O=REALM.NAME)
|
||||
.TP
|
||||
\fB\-\-no_hbac_allow\fR
|
||||
Don't install allow_all HBAC rule. This rule lets any user from any host access any service on any other host. It is expected that users will remove this rule before moving to production.
|
||||
.TP
|
||||
\fB\-\-no\-ui\-redirect\fR
|
||||
Do not automatically redirect to the Web UI.
|
||||
.TP
|
||||
\fB\-U\fR, \fB\-\-unattended\fR
|
||||
An unattended uninstallation that will never prompt for user input
|
||||
|
||||
.SH "EXIT STATUS"
|
||||
0 if the installation was successful
|
||||
0 if the (un)installation was successful
|
||||
|
||||
1 if an error occurred
|
||||
|
||||
.SH "SEE ALSO"
|
||||
.BR ipa-dns-install (1)
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.TH "ipactl" "8" "Mar 14 2008" "freeipa" ""
|
||||
.TH "ipactl" "8" "Mar 14 2008" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipactl \- IPA Server Control Interface
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -42,7 +42,7 @@ try:
|
||||
from ipapython.config import IPAOptionParser
|
||||
import SSSDConfig
|
||||
from ConfigParser import RawConfigParser
|
||||
from optparse import SUPPRESS_HELP
|
||||
from optparse import SUPPRESS_HELP, OptionGroup
|
||||
except ImportError:
|
||||
print >> sys.stderr, """\
|
||||
There was a problem importing one of the required Python modules. The
|
||||
@ -61,46 +61,61 @@ client_nss_nickname_format = 'IPA Machine Certificate - %s'
|
||||
|
||||
def parse_options():
|
||||
parser = IPAOptionParser(version=version.VERSION)
|
||||
parser.add_option("--domain", dest="domain", help="domain name")
|
||||
parser.add_option("--server", dest="server", help="IPA server")
|
||||
parser.add_option("--realm", dest="realm_name", help="realm name")
|
||||
parser.add_option("-f", "--force", dest="force", action="store_true",
|
||||
default=False, help="force setting of LDAP/Kerberos conf")
|
||||
parser.add_option("-d", "--debug", dest="debug", action="store_true",
|
||||
default=False, help="print debugging information")
|
||||
parser.add_option("-U", "--unattended", dest="unattended",
|
||||
action="store_true",
|
||||
help="unattended installation never prompts the user")
|
||||
parser.add_option("--ntp-server", dest="ntp_server", help="ntp server to use")
|
||||
parser.add_option("-S", "--no-sssd", action="store_false",
|
||||
help="Do not configure the client to use SSSD for authentication", default=True, dest="sssd")
|
||||
parser.add_option("-N", "--no-ntp", action="store_false",
|
||||
help="do not configure ntp", default=True, dest="conf_ntp")
|
||||
parser.add_option("-w", "--password", dest="password", sensitive=True,
|
||||
|
||||
basic_group = OptionGroup(parser, "basic options")
|
||||
basic_group.add_option("--domain", dest="domain", help="domain name")
|
||||
basic_group.add_option("--server", dest="server", help="IPA server")
|
||||
basic_group.add_option("--realm", dest="realm_name", help="realm name")
|
||||
basic_group.add_option("-p", "--principal", dest="principal",
|
||||
help="principal to use to join the IPA realm"),
|
||||
basic_group.add_option("-w", "--password", dest="password", sensitive=True,
|
||||
help="password to join the IPA realm (assumes bulk password unless principal is also set)"),
|
||||
parser.add_option("-W", dest="prompt_password", action="store_true",
|
||||
basic_group.add_option("-W", dest="prompt_password", action="store_true",
|
||||
default=False,
|
||||
help="Prompt for a password to join the IPA realm"),
|
||||
parser.add_option("-p", "--principal", dest="principal",
|
||||
help="principal to use to join the IPA realm"),
|
||||
# --on-master is used in ipa-server-install and ipa-replica-install
|
||||
# only, it isn't meant to be used on clients.
|
||||
parser.add_option("--on-master", dest="on_master", action="store_true",
|
||||
help=SUPPRESS_HELP, default=False)
|
||||
parser.add_option("--permit", dest="permit", action="store_true",
|
||||
help="disable access rules by default, permit all access.", default=False)
|
||||
parser.add_option("--mkhomedir", dest="mkhomedir", action="store_true",
|
||||
help="create home directories for users on their first login", default=False)
|
||||
parser.add_option("", "--uninstall", dest="uninstall", action="store_true",
|
||||
default=False, help="uninstall an existing installation")
|
||||
parser.add_option("", "--hostname", dest="hostname",
|
||||
basic_group.add_option("--mkhomedir", dest="mkhomedir",
|
||||
action="store_true", default=False,
|
||||
help="create home directories for users on their first login")
|
||||
basic_group.add_option("", "--hostname", dest="hostname",
|
||||
help="The hostname of this server (FQDN). If specified, the hostname will be set and "
|
||||
"the system configuration will be updated to persist over reboot. "
|
||||
"By default a nodename result from uname(2) is used.")
|
||||
parser.add_option("", "--enable-dns-updates", dest="dns_updates", action="store_true", default=False,
|
||||
basic_group.add_option("--ntp-server", dest="ntp_server", help="ntp server to use")
|
||||
basic_group.add_option("-N", "--no-ntp", action="store_false",
|
||||
help="do not configure ntp", default=True, dest="conf_ntp")
|
||||
basic_group.add_option("-f", "--force", dest="force", action="store_true",
|
||||
default=False, help="force setting of LDAP/Kerberos conf")
|
||||
basic_group.add_option("-d", "--debug", dest="debug", action="store_true",
|
||||
default=False, help="print debugging information")
|
||||
basic_group.add_option("-U", "--unattended", dest="unattended",
|
||||
action="store_true",
|
||||
help="unattended (un)installation never prompts the user")
|
||||
# --on-master is used in ipa-server-install and ipa-replica-install
|
||||
# only, it isn't meant to be used on clients.
|
||||
basic_group.add_option("--on-master", dest="on_master", action="store_true",
|
||||
help=SUPPRESS_HELP, default=False)
|
||||
parser.add_option_group(basic_group)
|
||||
|
||||
sssd_group = OptionGroup(parser, "SSSD options")
|
||||
sssd_group.add_option("--permit", dest="permit",
|
||||
action="store_true", default=False,
|
||||
help="disable access rules by default, permit all access.")
|
||||
sssd_group.add_option("", "--enable-dns-updates", dest="dns_updates",
|
||||
action="store_true", default=False,
|
||||
help="Configures the machine to attempt dns updates when the ip address changes.")
|
||||
parser.add_option("--no-krb5-offline-passwords", dest="krb5_offline_passwords", action="store_false",
|
||||
help="Configure SSSD not to store user password when the server is offline", default=True)
|
||||
sssd_group.add_option("--no-krb5-offline-passwords", dest="krb5_offline_passwords",
|
||||
action="store_false", default=True,
|
||||
help="Configure SSSD not to store user password when the server is offline")
|
||||
sssd_group.add_option("-S", "--no-sssd", dest="sssd",
|
||||
action="store_false", default=True,
|
||||
help="Do not configure the client to use SSSD for authentication")
|
||||
parser.add_option_group(sssd_group)
|
||||
|
||||
uninstall_group = OptionGroup(parser, "uninstall options")
|
||||
uninstall_group.add_option("", "--uninstall", dest="uninstall", action="store_true",
|
||||
default=False, help="uninstall an existing installation. The uninstall can " \
|
||||
"be run with --unattended option")
|
||||
parser.add_option_group(uninstall_group)
|
||||
|
||||
options, args = parser.parse_args()
|
||||
safe_opts = parser.get_safe_opts(options)
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@@redhat.com>
|
||||
.\"
|
||||
.TH "default.conf" "5" "02/21/2011" "freeipa" ""
|
||||
.TH "default.conf" "5" "Feb 21 2011" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
default.conf \- IPA configuration file
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-client-install" "1" "Mar 14 2008" "freeipa" ""
|
||||
.TH "ipa-client-install" "1" "Sep 5 2011" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-client\-install \- Configure an IPA client
|
||||
.SH "SYNOPSIS"
|
||||
@ -29,7 +29,9 @@ By default this configures SSSD to connect to an IPA server for authentication a
|
||||
An authorized user is required to join a client machine to IPA. This can take the form of a kerberos principal or a one\-time password associated with the machine.
|
||||
|
||||
This same tool is used to unconfigure IPA and attemps to return the machine to its previous state. Part of this process is to unenroll the host from the IPA server. Unenrollment consists of disabling the prinicipal key on the IPA server so that it may be re\-enrolled. The machine principal in /etc/krb5.keytab (host/<fqdn>@REALM) is used to authenticate to the IPA server to unenroll itself. If this principal does not exist then unenrollment will fail and an administrator will need to disable the host principal (ipa host\-disable <fqdn>).
|
||||
|
||||
.SH "OPTIONS"
|
||||
.SS "BASIC OPTIONS"
|
||||
.TP
|
||||
\fB\-\-domain\fR=\fIDOMAIN\fR
|
||||
Set the domain name to DOMAIN
|
||||
@ -40,6 +42,27 @@ Set the IPA server to connect to
|
||||
\fB\-\-realm\fR=\fIREALM_NAME\fR
|
||||
Set the IPA realm name to REALM_NAME
|
||||
.TP
|
||||
\fB\-p\fR, \fB\-\-principal\fR
|
||||
Authorized kerberos principal to use to join the IPA realm.
|
||||
.TP
|
||||
\fB\-w\fR \fIPASSWORD\fR, \fB\-\-password\fR=\fIPASSWORD\fR
|
||||
Password for joining a machine to the IPA realm. Assumes bulk password unless principal is also set.
|
||||
.TP
|
||||
\fB\-W\fR
|
||||
Prompt for the password for joining a machine to the IPA realm.
|
||||
.TP
|
||||
\fB\-\-mkhomedir\fR
|
||||
Configure PAM to create a users home directory if it does not exist.
|
||||
.TP
|
||||
\fB\-\-hostname\fR
|
||||
The hostname of this server (FQDN). If specified, the hostname will be set and the system configuration will be updated to persist over reboot. By default a nodename result from uname(2) is used.
|
||||
.TP
|
||||
\fB\-\-ntp\-server\fR=\fINTP_SERVER\fR
|
||||
Configure ntpd to use this NTP server.
|
||||
.TP
|
||||
\fB\-N\fR, \fB\-\-no\-ntp\fR
|
||||
Do not configure or enable NTP.
|
||||
.TP
|
||||
\fB\-f\fR, \fB\-\-force\fR
|
||||
Force the settings even if errors occur
|
||||
.TP
|
||||
@ -48,42 +71,28 @@ Print debugging information to stdout
|
||||
.TP
|
||||
\fB\-U\fR, \fB\-\-unattended\fR
|
||||
Unattended installation. The user will not be prompted.
|
||||
.TP
|
||||
\fB\-\-ntp\-server\fR=\fINTP_SERVER\fR
|
||||
Configure ntpd to use this NTP server.
|
||||
.TP
|
||||
\fB\-S\fR, \fB\-\-no\-sssd\fR
|
||||
Do not configure the client to use SSSD for authentication, use nss_ldap instead.
|
||||
.TP
|
||||
\fB\-N\fR, \fB\-\-no\-ntp\fR
|
||||
Do not configure or enable NTP.
|
||||
.TP
|
||||
\fB\-w\fR \fIPASSWORD\fR, \fB\-\-password\fR=\fIPASSWORD\fR
|
||||
Password for joining a machine to the IPA realm. Assumes bulk password unless principal is also set.
|
||||
.TP
|
||||
\fB\-W\fR
|
||||
Prompt for the password for joining a machine to the IPA realm.
|
||||
.TP
|
||||
\fB\-p\fR, \fB\-\-principal\fR
|
||||
Authorized kerberos principal to use to join the IPA realm.
|
||||
|
||||
.SS "SSSD OPTIONS"
|
||||
.TP
|
||||
\fB\-\-permit\fR
|
||||
Configure SSSD to permit all access. Otherwise the machine will be controlled by the Host\-based Access Controls (HBAC) on the IPA server.
|
||||
.TP
|
||||
\fB\-\-mkhomedir\fR
|
||||
Configure PAM to create a users home directory if it does not exist.
|
||||
.TP
|
||||
\fB\-\-uninstall\fR
|
||||
Remove the IPA client software and restore the configuration to the pre\-IPA state.
|
||||
.TP
|
||||
\fB\-\-hostname\fR
|
||||
The hostname of this server (FQDN). If specified, the hostname will be set and the system configuration will be updated to persist over reboot. By default a nodename result from uname(2) is used.
|
||||
.TP
|
||||
\fB\-\-enable\-dns\-updates\fR
|
||||
This option tells SSSD to automatically update DNS with the IP address of this client.
|
||||
.TP
|
||||
\fB\-\-no\-krb5\-offline\-passwords\fR
|
||||
Configure SSSD not to store user password when the server is offline.
|
||||
.TP
|
||||
\fB\-S\fR, \fB\-\-no\-sssd\fR
|
||||
Do not configure the client to use SSSD for authentication, use nss_ldap instead.
|
||||
|
||||
.SS "UNINSTALL OPTIONS"
|
||||
.TP
|
||||
\fB\-\-uninstall\fR
|
||||
Remove the IPA client software and restore the configuration to the pre\-IPA state.
|
||||
\fB\-U\fR, \fB\-\-unattended\fR
|
||||
Unattended uninstallation. The user will not be prompted.
|
||||
|
||||
.SH "EXIT STATUS"
|
||||
0 if the installation was successful
|
||||
|
||||
|
@ -17,7 +17,7 @@
|
||||
.\" Author: Karl MacMillan <kmacmill@redhat.com>
|
||||
.\" Author: Simo Sorce <ssorce@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-getkeytab" "1" "Oct 10 2007" "freeipa" ""
|
||||
.TH "ipa-getkeytab" "1" "Oct 10 2007" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-getkeytab \- Get a keytab for a Kerberos principal
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -16,7 +16,7 @@
|
||||
.\"
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.TH "ipa-join" "1" "Oct 8 2009" "freeipa" ""
|
||||
.TH "ipa-join" "1" "Oct 8 2009" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-join \- Join a machine to an IPA realm and get a keytab for the host service principal
|
||||
.SH "SYNOPSIS"
|
||||
|
@ -17,7 +17,7 @@
|
||||
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
||||
.\"
|
||||
.\"
|
||||
.TH "ipa-rmkeytab" "1" "Oct 30 2009" "freeipa" ""
|
||||
.TH "ipa-rmkeytab" "1" "Oct 30 2009" "FreeIPA" "FreeIPA Manual Pages"
|
||||
.SH "NAME"
|
||||
ipa\-rmkeytab \- Remove a kerberos principal from a keytab
|
||||
.SH "SYNOPSIS"
|
||||
|
Loading…
Reference in New Issue
Block a user