A host is normally created with a Kerberos principal set except in the case where it is created with either a user-provided or random password for OTP enrollment.
If you create a host with a NULL password, --password=, the principal is not set and the Kerberos objectclasses aren't added. No password is actually set on the host.
I think the issue is in the pre callback in this line:
if 'userpassword' not in entry_attrs and not options.get('random', False): # create the principal, append the objectclasses
To reproduce compare the output of the first to the second:
$ ipa host-add --all --raw somehost $ ipa host-add --all --raw --password= someotherhost
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1052979
master: 0070c0f[[BR]] ipa-3-3: 0fe745e
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 3.3.x - 2014/01 (bug fixing)
Login to comment on this ticket.