[Freeipa-devel] [PATCH] 353 enable sssd and certmonger
Rob Crittenden
rcritten at redhat.com
Wed Jan 20 22:01:08 UTC 2010
Configure sssd and certmonger in ipa-client-install
This does a number of things under the hood:
- Use authconfig to enable sssd in nss and pam
- Configure /etc/sssd/sssd.conf to use our IPA provider
- Enable the certmonger process and request a server cert
- join the IPA domain and retrieve a principal. The clinet machine
*must* exist in IPA to be able to do a join.
- And then undo all this on uninstall
There are 2 ways to join a host, using a one-time password or a user
with the proper privileges.
For example, create a host joinable by an admin (must be in the
hostadmin role):
$ ipa host-add test.example.com
To add a host with a OTP:
$ ipa host-add --password=Secret123 test2.example.com
Then run ipa-client-install on the client and it should basically work
the same as before except it will quit if the host has already been
enrolled.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-353-sssd.patch
Type: application/mbox
Size: 7573 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20100120/0fa91358/attachment.mbox>
More information about the Freeipa-devel
mailing list