Provided by: freeipa-server_4.3.1-0ubuntu1_amd64 
NAME
ipa-kra-install - Install a KRA on a server
SYNOPSIS
ipa-kra-install [OPTION]... [replica_file]
DESCRIPTION
Adds a KRA as an IPA-managed service. This requires that the IPA server is already installed and
configured, including a CA.
The KRA (Key Recovery Authority) is a component used to securely store secrets such as passwords,
symmetric keys and private asymmetric keys. It is used as the back-end repository for the IPA Password
Vault.
ipa-kra-install can be run without replica_file to add KRA to the existing CA. ipa-kra-install will
contact the CA to determine if a KRA has already been installed on another replica, and if so, will exit
indicating that a replica_file is required.
The replica_file is created using the ipa-replica-prepare utility. A new replica_file should be
generated on the master IPA server after the KRA has been installed and configured, so that the
replica_file will contain the master KRA configuration and system certificates.
The uninstall option can be used to remove the KRA from the local IPA server. KRA instances on other
replicas are not affected. The KRA will also be removed if the entire server is removed using
ipa-server-install --uninstall.
OPTIONS
-p DM_PASSWORD, --password=DM_PASSWORD Directory Manager (existing master) password
-U, --unattended
An unattended installation that will never prompt for user input
--uninstall
Uninstall the KRA from the local IPA server.
-v, --verbose
Enable debug output when more verbose output is needed
-q, --quiet
Output only errors
-v, --log-file=ILE
Log to the given file
EXIT STATUS
0 if the command was successful
1 if an error occurred
FreeIPA Aug 24 2014 ipa-kra-install(1)