And, using the ipa command is only possible on ipa clients.

Although our Satellite server is an IPA client, I am (as of yet) unable to
execute ipa commands from any ipa client prior to the re-install request
from Satellite. There is, afaik, no such thing as a pre-reinstall hook or
anything like that.

As for the ipa-host-mod --password=foo thing. You can first run the command
"ipa disable-host <fqdn> and _then_ run "ipa host-mod <fqdn> --password=foo


Met vriendelijke groeten,
*
Fred van Zwieten
*
*Enterprise Open Source Services*
*
Consultant*
*(vrijdags afwezig)*

*VX Company IT Services B.V.*
*T* (035) 539 09 50 mobiel (06) 41 68 28 48
*F* (035) 539 09 08
*E* fvzwie...@vxcompany.com
*I*  www.vxcompany.com


On Fri, Jan 25, 2013 at 3:40 AM, Simo Sorce <s...@redhat.com> wrote:

> On Thu, 2013-01-24 at 21:36 -0500, Matthew Barr wrote:
> > On Jan 24, 2013, at 6:53 PM, Dmitri Pal <d...@redhat.com> wrote:
> > >
> > > Yes you can set it again. This is how we envisioned the feature to be
> used.
> > > If it does not work it is a bug.
> >
> >
> > ipa-server-2.2.0-16.el6.x86_64, Centos 6.3
> >
> > [mbarr@ipa ~]$ ipa host-mod wiki01.ayisnap.com --password=foo
> > ipa: ERROR: invalid 'password': Password cannot be set on enrolled host.
>
> Matthew this is indeed the correct behavior, previous information from
> Dmitri was not correct.
>
> Once a host is enrolled you cannot reset the OTP password as that would
> effectively mean destroying the hosts credentials while the host is
> enrolled. Currently the IPA workflow expects you unenroll the client
> first.
>
> Simo.
>
> --
> Simo Sorce * Red Hat, Inc * New York
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users@redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to