On 04/26/2012 10:58 PM, David Copperfield wrote:
> Hi,
>
> Just have a silly case where I've to download the existing version
> keytab for a service principal. It is download only -- not recreate a
> new version and download the new version, which ipa-getkeytab does. --
> The ipa-getkeytab command name seems a little bit misleading because it
> does both 'set' and 'get' operations.
>
> I've overheard that there is a way to get it from the underlying 389
> directory server but am not sure how to do it. Anyone, please shed a
> light on this? Similarly, how to download a host certificate from
> Dogtag, because 'ipa-getcert request' is also resetting it -- I may be
> wrong and so please feel free to correct me :); or how about a user
> principal's keytab from 389 too? Thanks a lot.
>
> --David
>
Is it a one-time operation? If so, you can use the ldapsearch utility.
The object will have the ipaHost object class in IPA. You can use a
Directory Manager credential to authenticate. I suggest you do it on the
server and then deliver the key and the cert manually.

I thought that there was a flag for ipa-getkeytab to fetch the existing
key, but my knowledge in this area is rusty. Same with the cert. Maybe
someone else would chime in.

>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IPA project,
Red Hat Inc.

-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/