PKINIT Configuration
Configure PKINIT for certificate-based Kerberos authentication. PKINIT enables users and services to obtain Kerberos tickets using X.509 certificates instead of passwords. Features include anonymous PKINIT support and configuration of certificate validation requirements for flexible, certificate-based authentication workflows.
Report IPA masters on which Kerberos PKINIT is enabled or disabled
EXAMPLES:
List PKINIT status on all masters:
  ipa pkinit-status
Check PKINIT status on `ipa.example.com`:
  ipa pkinit-status --server ipa.example.com
List all IPA masters with disabled PKINIT:
  ipa pkinit-status --status='disabled'
For more info about PKINIT support see:
https://www.freeipa.org/page/V4/Kerberos_PKINIT
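An audit check built on the report above, as an added example that is not part of the original page or the FreeIPA project: it lists every master that is not explicitly enabled and fails if there is one. The function names, the sample hostnames and the report layout ("Server name" / "PKINIT status" lines between banner lines) are assumptions.

```shell
#!/bin/sh
# Constructed sample report; the "Server name" / "PKINIT status" labels and
# the banner lines are assumed, not taken from the page.
sample_status() {
cat <<'EOF'
-----------------
3 servers matched
-----------------
  Server name: ipa1.example.com
  PKINIT status: enabled

  Server name: ipa2.example.com
  PKINIT status: disabled

  Server name: ipa3.example.com
  PKINIT status: enabled
----------------------------
Number of entries returned 3
----------------------------
EOF
}

# Read a report on stdin; print one hostname per master that is not
# explicitly "enabled" (disabled, unknown value, or missing status line).
pkinit_not_enabled() {
  awk -F': *' '
    { sub(/[ \t\r]+$/, "") }              # drop trailing whitespace
    /^[ \t]*Server name:/ {
      if (server != "") print server      # previous record had no status line
      server = $2; seen = 1; next
    }
    /^[ \t]*PKINIT status:/ {
      if ($2 != "enabled") print (server != "" ? server : "UNKNOWN-SERVER")
      server = ""
    }
    END {
      if (server != "") print server      # last record had no status line
      if (!seen) print "NO-SERVERS-PARSED"  # empty or failed report
    }'
}

# Exit status 0 only when every parsed master reports PKINIT enabled.
pkinit_audit() {
  bad=$(pkinit_not_enabled)
  if [ -n "$bad" ]; then
    echo "PKINIT not enabled on:" $bad >&2
    return 1
  fi
}

sample_status | pkinit_audit || echo "audit failed for the constructed sample, as expected"
```

On a live deployment the input would come from `ipa pkinit-status --sizelimit=0 | pkinit_audit`, so that a truncated result list cannot hide a master.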
Commands
Command          Description
pkinit-status    Report PKINIT status on the IPA masters
pkinit-status
Usage: ipa [global-options] pkinit-status [CRITERIA] [options]
Report PKINIT status on the IPA masters
Arguments
Argument    Required    Description
CRITERIA    no          A string searched in all relevant object attributes
Options
Option                   Description
--server SERVER          IPA server hostname
--status STATUS          Whether PKINIT is enabled or disabled
--timelimit TIMELIMIT    Time limit of search in seconds (0 is unlimited)
--sizelimit SIZELIMIT    Maximum number of entries returned (0 is unlimited)
--all                    Retrieve and print all attributes from the server. Affects command output.