Imported Debian patch 4.0.5-6~numeezy
This commit is contained in:
Alexandre Ellert
committed by
Mario Fetka
Mario Fetka
parent
c44de33144
commit
10dfc9587b
@@ -36,6 +36,9 @@ Your DNS domain name
|
||||
\fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-ds\-password\fR=\fIDM_PASSWORD\fR
|
||||
The password to be used by the Directory Server for the Directory Manager user
|
||||
.TP
|
||||
\fB\-P\fR \fIMASTER_PASSWORD\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR
|
||||
The kerberos master password (normally autogenerated)
|
||||
.TP
|
||||
\fB\-a\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR
|
||||
The password for the IPA admin user
|
||||
.TP
|
||||
@@ -46,8 +49,7 @@ Create home directories for users on their first login
|
||||
The fully\-qualified DNS name of this server. If the hostname does not match system hostname, the system hostname will be updated accordingly to prevent service failures.
|
||||
.TP
|
||||
\fB\-\-ip\-address\fR=\fIIP_ADDRESS\fR
|
||||
The IP address of this server. If this address does not match the address the host resolves to and \-\-setup\-dns is not selected the installation will fail. If the server hostname is not resolvable, a record for the hostname and IP_ADDRESS is added to /etc/hosts.
|
||||
This this option can be used multiple times to specify more IP addresses of the server (e.g. multihomed and/or dualstacked server).
|
||||
The IP address of this server. If this address does not match the address the host resolves to and --setup-dns is not selected the installation will fail. If the server hostname is not resolvable, a record for the hostname and IP_ADDRESS is added to /etc/hosts.
|
||||
.TP
|
||||
\fB\-N\fR, \fB\-\-no\-ntp\fR
|
||||
Do not configure NTP
|
||||
@@ -61,9 +63,6 @@ The maximum user and group id number (default: idstart+199999). If set to zero,
|
||||
\fB\-\-no_hbac_allow\fR
|
||||
Don't install allow_all HBAC rule. This rule lets any user from any host access any service on any other host. It is expected that users will remove this rule before moving to production.
|
||||
.TP
|
||||
\fB\-\-ignore-topology-disconnect\fR
|
||||
Ignore errors reported when IPA server uninstall would lead to disconnected topology. This option can be used only when domain level is 1 or more.
|
||||
.TP
|
||||
\fB\-\-no\-ui\-redirect\fR
|
||||
Do not automatically redirect to the Web UI.
|
||||
.TP
|
||||
@@ -81,59 +80,49 @@ Enable debug logging when more verbose output is needed
|
||||
.TP
|
||||
\fB\-U\fR, \fB\-\-unattended\fR
|
||||
An unattended installation that will never prompt for user input
|
||||
.TP
|
||||
\fB\-\-dirsrv\-config\-file\fR
|
||||
The path to LDIF file that will be used to modify configuration of dse.ldif during installation of the directory server instance
|
||||
|
||||
|
||||
.SS "CERTIFICATE SYSTEM OPTIONS"
|
||||
.TP
|
||||
\fB\-\-external\-ca\fR
|
||||
Generate a CSR for the IPA CA certificate to be signed by an external CA.
|
||||
.TP
|
||||
\fB\-\-external\-ca\-type\fR=\fITYPE\fR
|
||||
Type of the external CA. Possible values are "generic", "ms-cs". Default value is "generic". Use "ms-cs" to include template name required by Microsoft Certificate Services (MS CS) in the generated CSR.
|
||||
\fB\-\-external_cert_file\fR=\fIFILE\fR
|
||||
File containing the IPA CA certificate signed by the external CA in PEM format. Must be given with \-\-external_ca_file.
|
||||
.TP
|
||||
\fB\-\-external\-cert\-file\fR=\fIFILE\fR
|
||||
File containing the IPA CA certificate and the external CA certificate chain. The file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used multiple times.
|
||||
\fB\-\-external_ca_file\fR=\fIFILE\fR
|
||||
File containing the external CA certificate chain in PEM format. Must be given with \-\-external_cert_file.
|
||||
|
||||
If the CA certificate chain is in PKCS#7 format you can convert it to PEM using:
|
||||
|
||||
openssl pkcs7 -in PKCS7_FILE -print_certs -out PEM_FILE
|
||||
.TP
|
||||
\fB\-\-no\-pkinit\fR
|
||||
Disables pkinit setup steps
|
||||
.TP
|
||||
\fB\-\-dirsrv\-cert\-file\fR=\fIFILE\fR
|
||||
File containing the Directory Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times.
|
||||
\fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR
|
||||
PKCS#12 file containing the Directory Server SSL Certificate
|
||||
.TP
|
||||
\fB\-\-http\-cert\-file\fR=\fIFILE\fR
|
||||
File containing the Apache Server SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times.
|
||||
\fB\-\-http_pkcs12\fR=\fIFILE\fR
|
||||
PKCS#12 file containing the Apache Server SSL Certificate
|
||||
.TP
|
||||
\fB\-\-pkinit\-cert\-file\fR=\fIFILE\fR
|
||||
File containing the Kerberos KDC SSL certificate and private key. The files are accepted in PEM and DER certificate, PKCS#7 certificate chain, PKCS#8 and raw private key and PKCS#12 formats. This option may be used multiple times.
|
||||
\fB\-\-pkinit_pkcs12\fR=\fIFILE\fR
|
||||
PKCS#12 file containing the Kerberos KDC SSL certificate
|
||||
.TP
|
||||
\fB\-\-dirsrv\-pin\fR=\fIPIN\fR
|
||||
The password to unlock the Directory Server private key
|
||||
\fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR
|
||||
The password of the Directory Server PKCS#12 file
|
||||
.TP
|
||||
\fB\-\-http\-pin\fR=\fIPIN\fR
|
||||
The password to unlock the Apache Server private key
|
||||
\fB\-\-http_pin\fR=\fIHTTP_PIN\fR
|
||||
The password of the Apache Server PKCS#12 file
|
||||
.TP
|
||||
\fB\-\-pkinit\-pin\fR=\fIPIN\fR
|
||||
The password to unlock the Kerberos KDC private key
|
||||
\fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR
|
||||
The password of the Kerberos KDC PKCS#12 file
|
||||
.TP
|
||||
\fB\-\-dirsrv\-cert\-name\fR=\fINAME\fR
|
||||
Name of the Directory Server SSL certificate to install
|
||||
.TP
|
||||
\fB\-\-http\-cert\-name\fR=\fINAME\fR
|
||||
Name of the Apache Server SSL certificate to install
|
||||
.TP
|
||||
\fB\-\-pkinit\-cert\-name\fR=\fINAME\fR
|
||||
Name of the Kerberos KDC SSL certificate to install
|
||||
.TP
|
||||
\fB\-\-ca\-cert\-file\fR=\fIFILE\fR
|
||||
File containing the CA certificate of the CA which issued the Directory Server, Apache Server and Kerberos KDC certificates. The file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used multiple times. Use this option if the CA certificate is not present in the certificate files.
|
||||
\fB\-\-root\-ca\-file\fR=\fIFILE\fR
|
||||
PEM file containing the CA certificate of the CA which issued the Directory Server, Apache Server and Kerberos KDC SSL certificates. Use this option if the CA certificate is not present in the PKCS#12 files.
|
||||
.TP
|
||||
\fB\-\-subject\fR=\fISUBJECT\fR
|
||||
The certificate subject base (default O=REALM.NAME)
|
||||
.TP
|
||||
\fB\-\-ca\-signing\-algorithm\fR=\fIALGORITHM\fR
|
||||
Signing algorithm of the IPA CA certificate. Possible values are SHA1withRSA, SHA256withRSA, SHA512withRSA. Default value is SHA256withRSA. Use this option with --external-ca if the external CA does not support the default signing algorithm.
|
||||
|
||||
.SS "DNS OPTIONS"
|
||||
.TP
|
||||
@@ -155,18 +144,12 @@ the \fB\-\-no\-forwarders\fR option is specified.
|
||||
\fB\-\-no\-forwarders\fR
|
||||
Do not add any DNS forwarders. Root DNS servers will be used instead.
|
||||
.TP
|
||||
\fB\-\-auto\-forwarders\fR
|
||||
Add DNS forwarders configured in /etc/resolv.conf to the list of forwarders used by IPA DNS.
|
||||
.TP
|
||||
\fB\-\-reverse\-zone\fR=\fIREVERSE_ZONE\fR
|
||||
The reverse DNS zone to use. This option can be used multiple times to specify multiple reverse zones.
|
||||
The reverse DNS zone to use
|
||||
.TP
|
||||
\fB\-\-no\-reverse\fR
|
||||
Do not create reverse DNS zone
|
||||
.TP
|
||||
\fB\-\-auto\-reverse\fR
|
||||
Try to resolve reverse records and reverse zones for server IP addresses and if neither is resolvable creates these reverse zones.
|
||||
.TP
|
||||
\fB\-\-zonemgr\fR
|
||||
The e\-mail address of the DNS zone manager. Defaults to hostmaster@DOMAIN
|
||||
.TP
|
||||
@@ -175,12 +158,6 @@ Do not use DNS for hostname lookup during installation
|
||||
.TP
|
||||
\fB\-\-no\-dns\-sshfp\fR
|
||||
Do not automatically create DNS SSHFP records.
|
||||
.TP
|
||||
\fB\-\-no\-dnssec\-validation\fR
|
||||
Disable DNSSEC validation on this server.
|
||||
.TP
|
||||
\fB\-\-allow\-zone\-overlap\fR
|
||||
Allow creatin of (reverse) zone even if the zone is already resolvable. Using this option is discouraged as it result in later problems with domain name resolution.
|
||||
|
||||
.SS "UNINSTALL OPTIONS"
|
||||
.TP
|
||||
@@ -190,11 +167,6 @@ Uninstall an existing IPA installation
|
||||
\fB\-U\fR, \fB\-\-unattended\fR
|
||||
An unattended uninstallation that will never prompt for user input
|
||||
|
||||
.SH "DEPRECATED OPTIONS"
|
||||
.TP
|
||||
\fB\-P\fR \fIMASTER_PASSWORD\fR, \fB\-\-master\-password\fR=\fIMASTER_PASSWORD\fR
|
||||
The kerberos master password (normally autogenerated).
|
||||
|
||||
.SH "EXIT STATUS"
|
||||
0 if the (un)installation was successful
|
||||
|
||||
|
||||
Reference in New Issue
Block a user