3.9. Renaming Client Machines
Identifying Current Service and Keytab Configuration
- Identify which services are running on the machine:
- Use the ipa service-find command, and identify services with certificates in the output:
$ ipa service-find client.example.com
- In addition, each host has a default host service which does not appear in the ipa service-find output. The service principal for the host service, also called a host principal, is
- Identify all host groups to which the machine belongs.
# ipa hostgroup-find client.example.com
- For all service principals displayed by ipa service-find client.example.com, determine the location of the corresponding keytabs on client.example.com. Each service on the client system has a Kerberos principal in the form service_name/hostname@REALM, such as
Removing the Client Machine from the IdM Domain
- Unenroll the client machine from the IdM domain. See Section 3.7, “Uninstalling a Client”.
- For each identified keytab other than /etc/krb5.keytab, remove the old principals:
[root@client ~]# ipa-rmkeytab -k /path/to/keytab -r EXAMPLE.COM
- On an IdM server, remove the host entry. This removes all services and revokes all certificates issued for that host:
[root@server ~]# ipa host-del client.example.com
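The keytab steps above (locating each service keytab, then removing the old principals from it) can be checked with a short script. This is an added example, not part of the original guide: it reads the text printed by klist -k and reports which principals still carry the old host name. The function names are hypothetical, the sample output is constructed, and the parser assumes the plain klist -k format of MIT Kerberos.

```shell
#!/bin/sh
# Added example: list the principals in a keytab that belong to a given host
# name, so you can confirm what remains before and after running ipa-rmkeytab.

# principals_for_host HOSTNAME   (reads `klist -k` output on stdin)
# Prints each unique principal of the form service/HOSTNAME@REALM.
principals_for_host() {
    awk -v host="$1" '
        # Entry lines look like: "   2 HTTP/client.example.com@EXAMPLE.COM"
        $1 ~ /^[0-9]+$/ && NF >= 2 {
            princ = $2
            n = split(princ, parts, "/")
            if (n != 2) next                  # not service/host@REALM
            split(parts[2], hr, "@")          # hr[1] = host, hr[2] = realm
            # A keytab holds one entry per encryption type, so de-duplicate.
            if (hr[1] == host && !seen[princ]++) print princ
        }'
}

# Constructed sample of `klist -k` output, for illustration only.
sample_klist_output() {
    cat <<'EOF'
Keytab name: FILE:/path/to/keytab
KVNO Principal
---- --------------------------------------------------------------------------
   2 HTTP/client.example.com@EXAMPLE.COM
   2 HTTP/client.example.com@EXAMPLE.COM
   1 HTTP/other.example.com@EXAMPLE.COM
   3 nfs/client.example.com@EXAMPLE.COM
EOF
}

# check_keytab KEYTAB HOSTNAME: the same check against a real keytab file.
check_keytab() {
    klist -k "$1" | principals_for_host "$2"
}

# Demonstration on the constructed sample.
sample_klist_output | principals_for_host client.example.com
```

An empty result from check_keytab for the old host name means that keytab no longer holds keys for it.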
Re-enrolling the Client with a New Host Name
- Rename the machine as required.
- Re-enroll the machine as an IdM client. See Section 3.8, “Re-enrolling a Client into the IdM Domain”.
- On an IdM server, add a new keytab for every service identified in the section called “Identifying Current Service and Keytab Configuration”.
[root@server ~]# ipa service-add service_name/new_host_name
- Generate certificates for services that had a certificate assigned in the section called “Identifying Current Service and Keytab Configuration”. You can do this:
- Using the IdM administration tools. See Chapter 24, Managing Certificates for Users, Hosts, and Services.
- Using the certmonger utility. See Working with certmonger in the System-Level Authentication Guide or the certmonger(8) man page.
- Re-add the client to the host groups identified in the section called “Identifying Current Service and Keytab Configuration”. See Section 13.3, “Adding and Removing User or Host Group Members”.