And, using the ipa command is only possible on ipa clients. Although our Satellite server is an IPA client, I am (as of yet) unable to execute ipa commands from any ipa client prior to the re-install request from Satellite. There is, afaik, no such thing as a pre-reinstall hook or anything like that.
As for the ipa-host-mod --password=foo thing. You can first run the command "ipa disable-host <fqdn> and _then_ run "ipa host-mod <fqdn> --password=foo Met vriendelijke groeten, * Fred van Zwieten * *Enterprise Open Source Services* * Consultant* *(vrijdags afwezig)* *VX Company IT Services B.V.* *T* (035) 539 09 50 mobiel (06) 41 68 28 48 *F* (035) 539 09 08 *E* [email protected] *I* www.vxcompany.com On Fri, Jan 25, 2013 at 3:40 AM, Simo Sorce <[email protected]> wrote: > On Thu, 2013-01-24 at 21:36 -0500, Matthew Barr wrote: > > On Jan 24, 2013, at 6:53 PM, Dmitri Pal <[email protected]> wrote: > > > > > > Yes you can set it again. This is how we envisioned the feature to be > used. > > > If it does not work it is a bug. > > > > > > ipa-server-2.2.0-16.el6.x86_64, Centos 6.3 > > > > [mbarr@ipa ~]$ ipa host-mod wiki01.ayisnap.com --password=foo > > ipa: ERROR: invalid 'password': Password cannot be set on enrolled host. > > Matthew this is indeed the correct behavior, previous information from > Dmitri was not correct. > > Once a host is enrolled you cannot reset the OTP password as that would > effectively mean destroying the hosts credentials while the host is > enrolled. Currently the IPA workflow expects you unenroll the client > first. > > Simo. > > -- > Simo Sorce * Red Hat, Inc * New York > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users >
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
