12.4. Disabling and Re-enabling Host Entries
12.4.1. Disabling Host Entries
[jsmith@ipaserver ~]$ kinit admin [jsmith@ipaserver ~]$ ipa host-disable server.example.com
12.4.2. Re-enabling Hosts
-soption sets which IdM server to request the keytab,
-pgives the principal name, and
-kgives the file to which to save the keytab.
[jsmith@ipaserver ~]$ ipa-getkeytab -s ipaserver.example.com -p host/server.example.com -k /etc/krb5.keytab -D fqdn=server.example.com,cn=computers,cn=accounts,dc=example,dc=com -w password
ipa-getkeytabcommand is run on an active IdM client or server, then it can be run without any LDAP credentials (
-w). The IdM user uses Kerberos credentials to authenticate to the domain. To run the command directly on the disabled host, then supply LDAP credentials to authenticate to the IdM server. The credentials should correspond to the host or service which is being re-enabled.