mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-29 10:21:18 -06:00
c00bf9e38a
For ssh, VerifyHostKeyDNS option is set to 'yes' if --ssh-trust-dns ipa-client-install option is used. For sshd, KerberosAuthentication, GSSAPIAuthentication and UsePAM options are enabled (this can be disabled using --no-sshd ipa-client-install option). ticket 1634
101 lines
3.7 KiB
Groff
101 lines
3.7 KiB
Groff
.\" A man page for ipa-replica-install
|
|
.\" Copyright (C) 2008 Red Hat, Inc.
|
|
.\"
|
|
.\" This program is free software; you can redistribute it and/or modify
|
|
.\" it under the terms of the GNU General Public License as published by
|
|
.\" the Free Software Foundation, either version 3 of the License, or
|
|
.\" (at your option) any later version.
|
|
.\"
|
|
.\" This program is distributed in the hope that it will be useful, but
|
|
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
.\" General Public License for more details.
|
|
.\"
|
|
.\" You should have received a copy of the GNU General Public License
|
|
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
.\"
|
|
.\" Author: Rob Crittenden <rcritten@redhat.com>
|
|
.\"
|
|
.TH "ipa-replica-install" "1" "Sep 5 2011" "FreeIPA" "FreeIPA Manual Pages"
|
|
.SH "NAME"
|
|
ipa\-replica\-install \- Create an IPA replica
|
|
.SH "SYNOPSIS"
|
|
ipa\-replica\-install [\fIOPTION\fR]... replica_file
|
|
.SH "DESCRIPTION"
|
|
Configures a new IPA server that is a replica of the server that generated it. Once it has been created it is an exact copy of the original IPA server and is an equal master. Changes made to any master are automatically replicated to other masters.
|
|
|
|
The replica_file is created using the ipa\-replica\-prepare utility.
|
|
.SH "OPTIONS"
|
|
.SS "BASIC OPTIONS"
|
|
.TP
|
|
\fB\-\-setup\-ca\fR
|
|
Install and configure a CA on this replica. If a CA is not configured then
|
|
certificate operations will be forwarded to a master with a CA installed.
|
|
.TP
|
|
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
|
|
The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail. If the server hostname is not resolvable, a record for the hostname and IP_ADDRESS is added to /etc/hosts.
|
|
.TP
|
|
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR
|
|
Directory Manager (existing master) password
|
|
.TP
|
|
\fB\-w\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR
|
|
Admin user Kerberos password used for connection check
|
|
.TP
|
|
\fB\-N\fR, \fB\-\-no\-ntp\fR
|
|
Do not configure NTP
|
|
.TP
|
|
\fB\-\-no\-ui\-redirect\fR
|
|
Do not automatically redirect to the Web UI.
|
|
.TP
|
|
\fB\-\-ssh\-trust\-dns\fR
|
|
Configure OpenSSH client to trust DNS SSHFP records.
|
|
.TP
|
|
\fB\-\-no\-sshd\fR
|
|
Do not configure OpenSSH server.
|
|
.TP
|
|
\fB\-\-skip\-conncheck\fR
|
|
Skip connection check to remote master
|
|
.TP
|
|
\fB\-d\fR, \fB\-\-debug
|
|
Enable debug logging when more verbose output is needed
|
|
.TP
|
|
\fB\-U\fR, \fB\-\-unattended\fR
|
|
An unattended installation that will never prompt for user input
|
|
|
|
.SS "CERTIFICATE SYSTEM OPTIONS"
|
|
.TP
|
|
\fB\-\-no\-pkinit\fR
|
|
Disables pkinit setup steps
|
|
|
|
.SS "DNS OPTIONS"
|
|
.TP
|
|
\fB\-\-setup\-dns\fR
|
|
Generate a DNS zone if it does not exist already and configure the DNS server.
|
|
This option requires that you either specify at least one DNS forwarder through
|
|
the \fB\-\-forwarder\fR option or use the \fB\-\-no\-forwarders\fR option.
|
|
.TP
|
|
\fB\-\-forwarder\fR=\fIIP_ADDRESS\fR
|
|
Add a DNS forwarder to the DNS configuration. You can use this option multiple
|
|
times to specify more forwarders, but at least one must be provided, unless
|
|
the \fB\-\-no\-forwarders\fR option is specified.
|
|
.TP
|
|
\fB\-\-no\-forwarders\fR
|
|
Do not add any DNS forwarders. Root DNS servers will be used instead.
|
|
.TP
|
|
\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
|
|
The reverse DNS zone to use
|
|
.TP
|
|
\fB\-\-no\-reverse\fR
|
|
Do not create new reverse DNS zone. If a reverse DNS zone already exists for the subnet, it will be used.
|
|
.TP
|
|
\fB\-\-no\-host\-dns\fR
|
|
Do not use DNS for hostname lookup during installation
|
|
.TP
|
|
\fB\-\-no\-dns\-sshfp\fR
|
|
Do not automatically create DNS SSHFP records.
|
|
|
|
.SH "EXIT STATUS"
|
|
0 if the command was successful
|
|
|
|
1 if an error occurred
|