If available on the system, Cockpit uses realmd and the DBus APIs it provides to configure the system's Active Directory or IPA domain membership.

Not all systems can join all kinds of domains. This depends on the availability of the necessary client software.

For non root users, realmd controls access to its APIs via Policy Kit and a user logged into Cockpit will have the same permissions as they do from the command line.

To perform similar tasks from the command line, use the realm command:

$ realm join
Password for Administrator:

realmd sets up domain-qualified user names by default, i. e. login user names look like "". For using unqualified names (just "user"), set the fully-qualified-names option in /etc/realmd.conf before joining a domain.

Cockpit requests an SSL certificate from the IPA server for cockpit-ws with the ipa-getcert command.