freeipa/install/tools/man/ipa-server-install.1
Rob Crittenden 92e350ca0a Create default HBAC rule allowing any user to access any host from any host
This is to make initial installation and testing easier.

Use the --no_hbac_allow option on the command-line to disable this when
doing an install.

To remove it from a running server do: ipa hbac-del allow_all
2010-05-05 14:57:58 -04:00

111 lines
3.9 KiB
Groff

.\" A man page for ipa-server-install
.\" Copyright (C) 2008 Red Hat, Inc.
.\"
.\" This is free software; you can redistribute it and/or modify it under
.\" the terms of the GNU Library General Public License as published by
.\" the Free Software Foundation; version 2 only
.\"
.\" This program is distributed in the hope that it will be useful, but
.\" WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
.\" General Public License for more details.
.\"
.\" You should have received a copy of the GNU Library General Public
.\" License along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\" Author: Rob Crittenden <rcritten@redhat.com>
.\"
.TH "ipa-server-install" "1" "Mar 14 2008" "freeipa" ""
.SH "NAME"
ipa\-server\-install \- Configure an IPA server
.SH "SYNOPSIS"
ipa\-server\-install [\fIOPTION\fR]...
.SH "DESCRIPTION"
Configures the services needed by an IPA server. This includes setting up a Kerberos Key Distribution Center (KDC) with an LDAP back\-end, configuring Apache, configuring NTP and starting some IPA\-provided services: ipa_kpasswd and ipa_webgui.
.SH "OPTIONS"
.TP
\fB\-u\fR, \fB\-\-user\fR=\fIDS_USER\fR
The user that the Directory Server will run as
.TP
\fB\-r\fR, \fB\-\-realm\fR=\fIREALM_NAME\fR
The Kerberos realm name for the IPA server
.TP
\fB\-n\fR, \fB\-\-domain\fR=\fIDOMAIN_NAME\fR
Your DNS domain name
.TP
\fB\-p\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR
The password to be used by the Directory Server for the Directory Manager user
.TP
\fB\-P\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR
The kerberos master password (normally autogenerated)
.TP
\fB\-a\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR
The password for the IPA admin user
.TP
\fB\-d\fR, \fB\-\-debug\fR
Enable debug logging when more verbose output is needed
.TP
\fB\-\-ca\fR
Configure a CA instance for issuing server certificates
.TP
\fB\-\-hostname\fR=\fIHOST_NAME\fR
The fully\-qualified DNS name of this server
.TP
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
The IP address of this server
.TP
\fB\-U\fR, \fB\-\-unattended\fR
An unattended installation that will never prompt for user input
.TP
\fB\-\-setup\-dns\fR
Generate a DNS zone if it does not exist already and configure the DNS server.
This option requires that you either specify at least one DNS forwarder through
the \fB\-\-forwarder\fR option or use the \fB\-\-no\-forwarders\fR option.
.TP
\fB\-\-forwarder\fR=\fIIP_ADDRESS\fR
Add a DNS forwarder to the DNS configuration. You can use this option multiple
times to specify more forwarders, but at least one must be provided, unless
the \fB\-\-no\-forwarders\fR option is specified.
.TP
\fB\-\-no\-forwarders\fR
Do not add any DNS forwarders. Root DNS servers will be used instead.
.TP
\fB\-\-no\-host\-dns\fR
Do not use DNS for hostname lookup during installation
.TP
\fB\-N\fR, \fB\-\-no\-ntp\fR
Do not configure NTP
.TP
\fB\-\-uninstall\fR
Uninstall an existing IPA installation
.TP
\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR
PKCS#12 file containing the Directory Server SSL Certificate
.TP
\fB\-\-http_pkcs12\fR=\fIFILE\fR
PKCS#12 file containing the Apache Server SSL Certificate
.TP
\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR
The password of the Directory Server PKCS#12 file
.TP
\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
The password of the Apache Server PKCS#12 file
.TP
\fB\-\-uidstart\fR=\fIUIDSTART\fR
The starting user id number (default random)
.TP
\fB\-\-gidstart\fR=\fIGIDSTART\fR
The starting group id number (default random)
.TP
\fB\-\-subject\fR=\fISUBJECT\fR
The certificate subject base (default O=IPA)
.TP
\fB\-\-no_hbac_allow\fR
Don't install allow_all HBAC rule. This rule lets any user from any host access any service on any other host. It is expected that users will remove this rule before moving to production.
.TP
.SH "EXIT STATUS"
0 if the installation was successful
1 if an error occurred