[Freeipa-users] Howto re-deploy an IPA-client using kickstart
Simo Sorce
simo at redhat.com
Fri Jan 25 02:40:28 UTC 2013
On Thu, 2013-01-24 at 21:36 -0500, Matthew Barr wrote:
> On Jan 24, 2013, at 6:53 PM, Dmitri Pal <dpal at redhat.com> wrote:
> >
> > Yes you can set it again. This is how we envisioned the feature to be used.
> > If it does not work it is a bug.
>
>
> ipa-server-2.2.0-16.el6.x86_64, Centos 6.3
>
> [mbarr at ipa ~]$ ipa host-mod wiki01.ayisnap.com --password=foo
> ipa: ERROR: invalid 'password': Password cannot be set on enrolled host.
Matthew this is indeed the correct behavior, previous information from
Dmitri was not correct.
Once a host is enrolled you cannot reset the OTP password as that would
effectively mean destroying the hosts credentials while the host is
enrolled. Currently the IPA workflow expects you unenroll the client
first.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-users
mailing list