1ipa-kra-install(1) IPA Manual Pages ipa-kra-install(1)
2
6 ipa-kra-install - Install a KRA on a server
7
9 DOMAIN LEVEL 0
10 ipa-kra-install [OPTION]... [replica_file]
11 DOMAIN LEVEL 1
13 ipa-kra-install [OPTION]...
14
16 Adds a KRA as an IPA-managed service. This requires that the IPA server
17 is already installed and configured, including a CA.
18 The KRA (Key Recovery Authority) is a component used to securely store
20 secrets such as passwords, symmetric keys and private asymmetric keys.
21 It is used as the back-end repository for the IPA Password Vault.
22 In a domain at domain level 0, ipa-kra-install can be run without
24 replica_file to add KRA to the existing CA, or with replica_file to
25 install the KRA service on the replica. ipa-kra-install will contact
26 the CA to determine if a KRA has already been installed on another
27 replica, and if so, will exit indicating that a replica_file is
28 required.
29 The replica_file is created using the ipa-replica-prepare utility. A
31 new replica_file should be generated on the master IPA server after the
32 KRA has been installed and configured, so that the replica_file will
33 contain the master KRA configuration and system certificates.
34 In a domain at domain level 1, ipa-kra-install can be used to add KRA
36 to the existing CA, or to install the KRA service on a replica, and
37 does not require any replica file.
38 KRA can only be removed along with the entire server using
40 ipa-server-install --uninstall.
41
43 -p DM_PASSWORD, --password=DM_PASSWORD
44 Directory Manager (existing master) password
45 --no-host-dns
47 Do not use DNS for hostname lookup during installation
48 -U, --unattended
50 An unattended installation that will never prompt for user input
51 -v, --verbose
53 Enable debug output when more verbose output is needed
54 -q, --quiet
56 Output only errors
57 --log-file=FILE
59 Log to the given file
60
62 0 if the command was successful
63 1 if an error occurred
65IPA May 10 2017 ipa-kra-install(1)