[Freeipa-devel] [freeipa PR#468][comment] Remove non-sensical kdestroy on https stop
martbab
freeipa-github-notification at redhat.com
Wed Feb 15 15:34:20 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
martbab commented:
"""
We do not backup ccache, we back up apache keytab.
During restore into installer server we back up old Kerberos keys, but without any mechanism to purge the new apache ccache acquired during the installation of new server you would end up with key mismatch and nothing would work until the ccache expires.
As to why a) we backup Kerberos keys, and b) support restoring into running IPA server that is beyond me.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/468#issuecomment-280043570
More information about the Freeipa-devel
mailing list