NAME

       ipa-kra-install - Install a KRA on a server

SYNOPSIS

       ipa-kra-install [OPTION]... [replica_file]

DESCRIPTION

       Adds  a  KRA  as  an  IPA-managed  service.  This  requires that the IPA server is already
       installed and configured, including a CA.

       The KRA (Key Recovery Authority) is a component used to securely  store  secrets  such  as
       passwords,  symmetric  keys  and  private  asymmetric  keys.   It  is used as the back-end
       repository for the IPA Password Vault.

       ipa-kra-install  can  be  run  without  replica_file  to  add  KRA  to  the  existing  CA.
       ipa-kra-install  will  contact  the CA to determine if a KRA has already been installed on
       another replica, and if so, will exit indicating that a replica_file is required.

       The replica_file is created using the ipa-replica-prepare  utility.   A  new  replica_file
       should  be  generated  on  the  master  IPA  server  after  the KRA has been installed and
       configured, so that the replica_file will contain the master KRA configuration and  system
       certificates.

       The  uninstall  option  can  be   used  to  remove  the KRA from the local IPA server. KRA
       instances on other replicas are not affected.  The KRA will also be removed if the  entire
       server is removed using ipa-server-install --uninstall.

OPTIONS

       -p DM_PASSWORD, --password=DM_PASSWORD Directory Manager (existing master) password

       -U, --unattended
              An unattended installation that will never prompt for user input

       --uninstall
              Uninstall the KRA from the local IPA server.

       -v, --verbose
              Enable debug output when more verbose output is needed

       -q, --quiet
              Output only errors

       -v, --log-file=ILE
              Log to the given file

EXIT STATUS

       0 if the command was successful

       1 if an error occurred