[Freeipa-devel] [PATCH 0082] remove Kerberos authenticators after service uninstall
Martin Basti
mbasti at redhat.com
Tue Oct 13 11:57:50 UTC 2015
On 13.10.2015 10:04, Petr Spacek wrote:
> On 13.10.2015 09:34, Martin Babinsky wrote:
>> On 10/13/2015 09:17 AM, Petr Spacek wrote:
>>> On 12.10.2015 13:38, Martin Babinsky wrote:
>>>> each service possessing Kerberos keytab wiil now remove it and destroy any
>>>> associated credentials cache during its uninstall
>>>>
>>>> https://fedorahosted.org/freeipa/ticket/5243
>>> BTW some time ago Simo proposed that we should remove caches and old keytabs
>>> during *install* so problems caused by failing uninstallation will be fixed on
>>> repeated install. This is yet another step towards idempotent installer.
>>>
>>> To me this makes more sense than doing so on uninstall. Does it make sense to
>>> you, too?
>>>
>> If the problem is formulated like this (the endpoint is that services have
>> their keytabs) then it makes more sense to me. I will rework the patch
>> accordingly.
> Adding Simo to Cc, so we can be sure that we understood it properly :-)
>
> Simo, does it make sense to do that on installation rather than installation?
>
I would like to keep removing keytabs during uninstall too, IPA should
clean own mess.
Martin2
More information about the Freeipa-devel
mailing list