11.6. Disabling and Re-enabling Service Entries
11.6.1. Disabling Service Entries
[jsmith@ipaserver ~]$ kinit admin $ ipa service-disable http/server.example.com
11.6.2. Re-enabling and Services
-soption sets which IdM server to request the keytab,
-pgives the principal name, and
-kgives the file to which to save the keytab.
[root@ipaserver ~]# ipa-getkeytab -s ipaserver.example.com -p HTTP/server.example.com -k /etc/httpd/conf/krb5.keytab -e aes256-cts
ipa-getkeytabcommand is run on an active IdM client or server, then it can be run without any LDAP credentials (
-w). The IdM user uses Kerberos credentials to authenticate to the domain. To run the command directly on a disabled host, then supply LDAP credentials to authenticate to the IdM server. The credentials should correspond to the host or service which is being re-enabled.