[Freeipa-devel] [PATCH 0082] remove Kerberos authenticators after service uninstall
Martin Babinsky
mbabinsk at redhat.com
Wed Nov 11 09:49:31 UTC 2015
On 11/11/2015 10:36 AM, Martin Basti wrote:
>
>
> On 10.11.2015 17:36, Petr Spacek wrote:
>> On 4.11.2015 11:56, Martin Babinsky wrote:
>>> On 10/22/2015 05:32 PM, Petr Spacek wrote:
>>>> On 21.10.2015 17:55, Martin Babinsky wrote:
>>>>> On 10/13/2015 09:17 AM, Petr Spacek wrote:
>>>>>> On 12.10.2015 13:38, Martin Babinsky wrote:
>>>>>>> each service possessing Kerberos keytab wiil now remove it and
>>>>>>> destroy any
>>>>>>> associated credentials cache during its uninstall
>>>>>>>
>>>>>>> https://fedorahosted.org/freeipa/ticket/5243
>>>>>> BTW some time ago Simo proposed that we should remove caches and
>>>>>> old keytabs
>>>>>> during *install* so problems caused by failing uninstallation will be
>>>>>> fixed on
>>>>>> repeated install. This is yet another step towards idempotent
>>>>>> installer.
>>>>>>
>>>>>> To me this makes more sense than doing so on uninstall. Does it
>>>>>> make sense to
>>>>>> you, too?
>>>>>>
>>>>> Attaching updated patch that does cleanup also before each instance
>>>>> creation.
>>>>> It is a bit ugly I admit, but I couldn't think of a better way to
>>>>> do it and
>>>>> didn't want to poke into service/instance code more than neccesary.
>>>> NACK, but we are almost there!
>>>>
>>>> * kdestroy -A is too aggressive and wipes root's keyring after each
>>>> run of
>>>> ipa-*-install utils.
>>>>
>>>> * There are some scattered leftovers of ipautil.run['kdestroy'...]
>>>> in the
>>>> tree. Please get rid of them.
>>>>
>>>> Thank you!
>>>>
>>> Attaching updated patch. It got lost somewhere in the list.
>> ACK, thank you for patience.
>>
>
> The patch needs rebase.
Rebased patch attached.
--
Martin^3 Babinsky
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mbabinsk-0082.3-remove-Kerberos-authenticators-when-installing-unins.patch
Type: text/x-patch
Size: 8262 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20151111/65795d43/attachment.bin>
More information about the Freeipa-devel
mailing list