Make it clear in man pages that ipa-join -u does not remove keytab.

https://fedorahosted.org/freeipa/ticket/1317

From ccd40926fd89cdc1abb0293383f331eb78c83696 Mon Sep 17 00:00:00 2001
From: Martin Kosek <mko...@redhat.com>
Date: Mon, 5 Sep 2011 12:34:43 +0200
Subject: [PATCH] Improve ipa-join man page

Make it clear in man pages that ipa-join -u does not remove keytab.

https://fedorahosted.org/freeipa/ticket/1317
---
 ipa-client/man/ipa-join.1 |   13 ++++++++++++-
 1 files changed, 12 insertions(+), 1 deletions(-)

diff --git a/ipa-client/man/ipa-join.1 b/ipa-client/man/ipa-join.1
index b46b25850029d7f49a4840c1a997ed30537e1ea9..252275703e43e8f7e6e57516ec75af24d433a63c 100644
--- a/ipa-client/man/ipa-join.1
+++ b/ipa-client/man/ipa-join.1
@@ -42,6 +42,11 @@ If a client host has already been joined to the IPA realm the ipa\-join command
 This command is normally executed by the ipa\-client\-install command as part of the enrollment process.
 
 The reverse is unenrollment. Unenrolling a host removes the Kerberos key on the IPA server. This prepares the host to be re\-enrolled. This uses the host principal stored in /etc/krb5.conf to authenticate to the IPA server to perform the unenrollment.
+
+Please note, that while the ipa\-join option removes the client from the domain, it does not actually uninstall the client or properly remove all of the IPA\-related configuration. The only way to uninstall a client completely is to use ipa\-client\-install \-\-uninstall
+(see
+.BR ipa\-client\-install (1)).
+
 .SH "OPTIONS"
 .TP
 \fB\-h,\-\-hostname hostname\fR
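Review bot: The added paragraph refers to "the ipa\-join option" without naming which option it means, so the reader has to infer that it is unenrollment; name it as \-u/\-\-unenroll to match the OPTIONS entry. The sentence ending in "ipa\-client\-install \-\-uninstall" has no terminating period before "(see", and "Please note, that" should drop the comma. Because the context line above says unenrolling removes the Kerberos key on the IPA server, it is worth stating here that the local keytab is among the items left on the client, which is the point of the ticket.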
@@ -57,7 +62,9 @@ The keytab file where to append the new key (will be created if it does not exis
 The password to use if not using Kerberos to authenticate. Use a password of this particular host (one time password created on IPA server)
 .TP
 \fB\-u,\-\-unenroll\fR
-Unenroll this host from the IPA server
+Unenroll this host from the IPA server. No keytab entry is removed in the process
+(see
+.BR ipa-rmkeytab (1)).
 .TP
 \fB\-q,\-\-quiet\fR
 Quiet mode. Only errors are displayed.
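Review bot: The cross-reference ".BR ipa-rmkeytab (1))." leaves the hyphen unescaped, while the rest of this file and the first hunk's ".BR ipa\-client\-install (1))." escape it as \-; use ipa\-rmkeytab for consistency. "No keytab entry is removed in the process" would also be clearer if it said where the entries remain (the client's keytab file, as set by the keytab option above) and that ipa\-rmkeytab is the tool to remove them, since the "(see ...)" alone does not say why the reader should follow it.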
@@ -123,3 +130,7 @@ The exit status is 0 on success, nonzero on error.
 20 Unenrollment result not in XML\-RPC response
 
 21 Failed to get default Kerberos realm
+
+.SH "SEE ALSO"
+.BR ipa-rmkeytab (1)
+.BR ipa-client-instal (1)
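Review bot: The last added line misspells the page name: ".BR ipa-client-instal (1)" should be ipa\-client\-install, as written in the first hunk. The two .BR entries also have no comma between them, so they are filled onto one line with nothing separating them; end the first with "(1)," and escape the hyphens as \- like the rest of this file.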
-- 
1.7.6

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
