And, using the ipa command is only possible on ipa clients.
Although our Satellite server is an IPA client, I am (as of yet) unable to
execute ipa commands from any ipa client prior to the re-install request
from Satellite. There is, afaik, no such thing as a pre-reinstall hook or
anything like that.
As for the ipa-host-mod --password=foo thing. You can first run the command
"ipa disable-host <fqdn> and _then_ run "ipa host-mod <fqdn> --password=foo
Met vriendelijke groeten,
Fred van Zwieten
*Enterprise Open Source Services*
*VX Company IT Services B.V.*
*T* (035) 539 09 50 mobiel (06) 41 68 28 48
*F* (035) 539 09 08
On Fri, Jan 25, 2013 at 3:40 AM, Simo Sorce <s...@redhat.com> wrote:
> On Thu, 2013-01-24 at 21:36 -0500, Matthew Barr wrote:
> > On Jan 24, 2013, at 6:53 PM, Dmitri Pal <d...@redhat.com> wrote:
> > >
> > > Yes you can set it again. This is how we envisioned the feature to be
> > > If it does not work it is a bug.
> > ipa-server-2.2.0-16.el6.x86_64, Centos 6.3
> > [mbarr@ipa ~]$ ipa host-mod wiki01.ayisnap.com --password=foo
> > ipa: ERROR: invalid 'password': Password cannot be set on enrolled host.
> Matthew this is indeed the correct behavior, previous information from
> Dmitri was not correct.
> Once a host is enrolled you cannot reset the OTP password as that would
> effectively mean destroying the hosts credentials while the host is
> enrolled. Currently the IPA workflow expects you unenroll the client
> Simo Sorce * Red Hat, Inc * New York
> Freeipa-users mailing list
Freeipa-users mailing list