[Freeipa-devel] [PATCH 0082] remove Kerberos authenticators after service uninstall
Petr Spacek
pspacek at redhat.com
Tue Oct 13 08:04:54 UTC 2015
On 13.10.2015 09:34, Martin Babinsky wrote:
> On 10/13/2015 09:17 AM, Petr Spacek wrote:
>> On 12.10.2015 13:38, Martin Babinsky wrote:
>>>
>>> each service possessing Kerberos keytab wiil now remove it and destroy any
>>> associated credentials cache during its uninstall
>>>
>>> https://fedorahosted.org/freeipa/ticket/5243
>>
>> BTW some time ago Simo proposed that we should remove caches and old keytabs
>> during *install* so problems caused by failing uninstallation will be fixed on
>> repeated install. This is yet another step towards idempotent installer.
>>
>> To me this makes more sense than doing so on uninstall. Does it make sense to
>> you, too?
>>
>
> If the problem is formulated like this (the endpoint is that services have
> their keytabs) then it makes more sense to me. I will rework the patch
> accordingly.
Adding Simo to Cc, so we can be sure that we understood it properly :-)
Simo, does it make sense to do that on installation rather than installation?
--
Petr^2 Spacek
More information about the Freeipa-devel
mailing list