xenial (1) ipa-kra-install.1.gz

NAME

       ipa-kra-install - Install a KRA on a server

SYNOPSIS

       ipa-kra-install [OPTION]... [replica_file]

DESCRIPTION

       Adds  a  KRA  as  an  IPA-managed  service.  This  requires  that the IPA server is already installed and
       configured, including a CA.

       The KRA (Key Recovery Authority) is a component  used  to  securely  store  secrets  such  as  passwords,
       symmetric  keys  and private asymmetric keys.  It is used as the back-end repository for the IPA Password
       Vault.

       ipa-kra-install can be run without replica_file to add KRA to  the  existing  CA.   ipa-kra-install  will
       contact  the CA to determine if a KRA has already been installed on another replica, and if so, will exit
       indicating that a replica_file is required.

       The replica_file is created  using  the  ipa-replica-prepare  utility.   A  new  replica_file  should  be
       generated  on  the  master  IPA  server  after  the  KRA  has  been installed and configured, so that the
       replica_file will contain the master KRA configuration and system certificates.

       The uninstall option can be  used to remove the KRA from the local IPA server.  KRA  instances  on  other
       replicas  are  not  affected.   The  KRA  will  also  be  removed  if  the entire server is removed using
       ipa-server-install --uninstall.

OPTIONS

       -p DM_PASSWORD, --password=DM_PASSWORD Directory Manager (existing master) password

       -U, --unattended
              An unattended installation that will never prompt for user input

       --uninstall
              Uninstall the KRA from the local IPA server.

       -v, --verbose
              Enable debug output when more verbose output is needed

       -q, --quiet
              Output only errors

       -v, --log-file=ILE
              Log to the given file

EXIT STATUS

       0 if the command was successful

       1 if an error occurred