Option "-P" is just a remnant of FreeIPA v1 we no longer need. Admins should not be encouraged in setting KDC master password manually, it is already autogenerated by ipa-server-install with the sufficient complexity and password quality.
ipa-server-install
pviktori's idea: rather than removing we can deprecate it: hide it in --help, mark it as deprecated in the man page, and warn when it is used.
I agree that we probably should do it in two phases -- there might be people having scripts that would get broken if the option was discontinued right away. Ignoring it with warning seems optimal for now.
Do we have a document / precedent about deprecating options?
Yes, see commit [02be7ac].
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1211602
master:
Metadata Update from @mkosek: - Issue assigned to mbabinsk - Issue set to the milestone: FreeIPA 4.2
Login to comment on this ticket.