On 06/06/2013 03:45 PM, Jan Pazdziora wrote:
On Wed, Jun 05, 2013 at 04:14:36PM +0200, Ana Krivokapic wrote:
The attached patch should improve handling of client re-enrollment
related options of ipa-client-install.
+ if options.keytab and options.principal:
+ root_logger.error("Options 'principal' and 'keytab' cannot be used "
+ return CLIENT_INSTALL_ERROR
I know that this check only explains what happens later in the code
but isn't using custom principal _plus_ a keytab for that principal
a valid combination? Right now, it's either principal + password, or
keytab and from that keytab a specific host/* principal. Can't it be
ptincipal + keytab?
Currently only the host keytab is supported. This is described
in the man pages / or shows up with --help option, so there should
be no confusion.
The use case was to have a way how to automatically re-enroll
a host that would not need sticking admin's password in the script.
Freeipa-devel mailing list