16.5. Disabling and Re-enabling Service Entries
Active services can be accessed by other services, hosts, and users within the domain. There can be situations when it is necessary to remove a host or a service from activity. However, deleting a service or a host removes the entry and all the associated configuration, and it removes it permanently.
16.5.1. Disabling Service Entries
Disabling a service prevents domain users from access it without permanently removing it from the domain. This can be done by using the service-disable command.
For a service, specify the principal for the service. For example:
[jsmith@ipaserver ~]$ kinit admin [jsmith@ipaserver ~]$ ipa service-disable HTTP/server.example.com
Disabling a host entry not only disables that host. It disables every configured service on that host as well.
16.5.2. Re-enabling Services
Disabling a service essentially kills its current, active keytabs. Removing the keytabs effectively removes the service from the IdM domain without otherwise touching its configuration entry.
To re-enable a service, simply use the ipa-getkeytab command. The
-s option sets which IdM server to request the keytab,
-p gives the principal name, and
-k gives the file to which to save the keytab.
For example, requesting a new HTTP keytab:
[root@ipaserver ~]# ipa-getkeytab -s ipaserver.example.com -p HTTP/server.example.com -k /etc/httpd/conf/krb5.keytab -e aes256-cts