diff options
author | Sumit Bose <sbose@redhat.com> | 2019-03-22 12:37:39 +0100 |
---|---|---|
committer | Sumit Bose <sbose@redhat.com> | 2019-03-22 13:49:47 +0100 |
commit | 6fd99ff6c5dd6ef0be8d942989b1c6dcee3102d9 (patch) | |
tree | 0680f2bcc38442a116fc0cba70f681f5a90173ec /doc | |
parent | 972f1a2f35829ed89f5353bd204683aa9ad6a2d2 (diff) |
Implement 'adcli testjoin'
By calling adcli testjoin it will be checked if the host credentials
stored in the keytab are still valid.
Related to https://bugzilla.redhat.com/show_bug.cgi?id=1622583
Diffstat (limited to 'doc')
-rw-r--r-- | doc/adcli.xml | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/doc/adcli.xml b/doc/adcli.xml index af73433..9605b4a 100644 --- a/doc/adcli.xml +++ b/doc/adcli.xml @@ -44,6 +44,9 @@ <command>adcli update</command> </cmdsynopsis> <cmdsynopsis> + <command>adcli testjoin</command> + </cmdsynopsis> + <cmdsynopsis> <command>adcli create-user</command> <arg choice="opt">--domain=domain.example.com</arg> <arg choice="plain">user</arg> @@ -474,6 +477,37 @@ $ adcli update --login-ccache=/tmp/krbcc_123 </refsect1> +<refsect1 id='testjoin'> + <title>Testing if the machine account password is valid</title> + + <para><command>adcli testjoin</command> uses the current credentials in + the keytab and tries to authenticate with the machine account to the AD + domain. If this works the machine account password and the join are + still valid. If it fails the machine account password or the whole + machine account have to be refreshed with + <command>adcli join</command> or <command>adcli update</command>. + </para> + +<programlisting> +$ adcli testjoin +</programlisting> + + <para>Only the global options not related to authentication are + available, additionally you can specify the following options to + control how this operation is done.</para> + + <variablelist> + <varlistentry> + <term><option>-K, --host-keytab=<parameter>/path/to/keytab</parameter></option></term> + <listitem><para>Specify the path to the host keytab where + current host credentials are stored and the new ones + will be written to. If not specified, the default + location will be used, usually + <filename>/etc/krb5.keytab</filename>.</para></listitem> + </varlistentry> + </variablelist> +</refsect1> + <refsect1 id='create_user'> <title>Creating a User</title> |