ipa-kra-install - Man Page
Install a KRA on a server
Synopsis
ipa-kra-install [OPTION]...
Description
Adds a KRA as an IPA-managed service. This requires that the IPA server is already installed and configured, including a CA.
The KRA (Key Recovery Authority) is a component used to securely store secrets such as passwords, symmetric keys and private asymmetric keys. It is used as the back-end repository for the IPA Password Vault.
Domain level 0 is not supported anymore.
ipa-kra-install can be used to add a KRA to the existing CA, or to install the KRA service on a replica.
The KRA can only be removed along with the entire server, using ipa-server-install --uninstall.
Options
- -p DM_PASSWORD, --password=DM_PASSWORD
Directory Manager (existing master) password
- --no-host-dns
Do not use DNS for hostname lookup during installation
- -U, --unattended
An unattended installation that will never prompt for user input
- -v, --verbose
Enable debug output when more verbose output is needed
- -q, --quiet
Output only errors
- --log-file=FILE
Log to the given file
- --pki-config-override=FILE
File containing overrides for KRA installation.
HSM Options
The token name and library path are retrieved from the existing installation.
- --token-password=TOKEN_PASSWORD
The PKCS#11 token password for the HSM.
- --token-password-file=TOKEN_PASSWORD_FILE
The full path to a file containing the PKCS#11 token password.
Exit Status
0 if the command was successful
1 if an error occurred
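Example
The wrapper below is an added example, not part of the original man page or the FreeIPA project. It prefers --token-password-file over --token-password, because a password given as a command-line argument is visible to other local users through the process table, and it refuses to start the installer if the password file is readable by anyone but its owner. The function names and the sample paths are hypothetical, and GNU coreutils stat is assumed.

```shell
#!/bin/sh
# Added example (not from the FreeIPA project). Assumes GNU coreutils stat.

# Succeed only if $1 is a regular file (not a symlink), owned by the calling
# user, with no group or other permission bits set (for example 0600 or 0400).
secret_file_ok() {
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "token password file is missing or not a regular file: $f" >&2
        return 1
    fi
    if [ "$(stat -c '%u' "$f")" != "$(id -u)" ]; then
        echo "token password file is not owned by the calling user: $f" >&2
        return 1
    fi
    mode=$(stat -c '%a' "$f") || return 1
    case $mode in
        *00) return 0 ;;
        *)   echo "token password file mode $mode allows group/other access: $f" >&2
             return 1 ;;
    esac
}

# Hypothetical wrapper: $1 = token password file, $2 = installer log file.
# Returns 2 without starting the installer if the file check fails; otherwise
# returns ipa-kra-install's own status (0 success, 1 error, per Exit Status).
run_kra_install() {
    secret_file_ok "$1" || return 2
    ipa-kra-install --token-password-file="$1" --log-file="$2"
    rc=$?
    [ "$rc" -eq 0 ] || echo "ipa-kra-install failed (exit $rc), see $2" >&2
    return "$rc"
}

# Run only when called with both arguments, e.g. (constructed sample paths):
#   sh kra-install-wrapper.sh /root/hsm-token.pw /var/log/ipa-kra-wrapper.log
if [ "$#" -eq 2 ]; then
    run_kra_install "$1" "$2"
fi
```

Without -U the installer still prompts for anything else it needs, so no other secret has to appear on the command line.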