[Freeipa-devel] [PATCH 0082] remove Kerberos authenticators after service uninstall
Martin Babinsky
mbabinsk at redhat.com
Wed Nov 4 10:56:08 UTC 2015
On 10/22/2015 05:32 PM, Petr Spacek wrote:
> On 21.10.2015 17:55, Martin Babinsky wrote:
>> On 10/13/2015 09:17 AM, Petr Spacek wrote:
>>> On 12.10.2015 13:38, Martin Babinsky wrote:
>>>>
>>>> each service possessing Kerberos keytab wiil now remove it and destroy any
>>>> associated credentials cache during its uninstall
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/5243
>>>
>>> BTW some time ago Simo proposed that we should remove caches and old keytabs
>>> during *install* so problems caused by failing uninstallation will be fixed on
>>> repeated install. This is yet another step towards idempotent installer.
>>>
>>> To me this makes more sense than doing so on uninstall. Does it make sense to
>>> you, too?
>>>
>>
>> Attaching updated patch that does cleanup also before each instance creation.
>> It is a bit ugly I admit, but I couldn't think of a better way to do it and
>> didn't want to poke into service/instance code more than neccesary.
>
> NACK, but we are almost there!
>
> * kdestroy -A is too aggressive and wipes root's keyring after each run of
> ipa-*-install utils.
>
> * There are some scattered leftovers of ipautil.run['kdestroy'...] in the
> tree. Please get rid of them.
>
> Thank you!
>
Attaching updated patch. It got lost somewhere in the list.
--
Martin^3 Babinsky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbabinsk-0082.2-remove-Kerberos-authenticators-when-installing-unins.patch
Type: text/x-patch
Size: 8317 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151104/59f5194d/attachment.bin>
More information about the Freeipa-devel
mailing list