[Freeipa-devel] [PATCH 0082] remove Kerberos authenticators after service uninstall
Martin Babinsky
mbabinsk at redhat.com
Tue Oct 13 07:34:39 UTC 2015
On 10/13/2015 09:17 AM, Petr Spacek wrote:
> On 12.10.2015 13:38, Martin Babinsky wrote:
>>
>> each service possessing Kerberos keytab wiil now remove it and destroy any
>> associated credentials cache during its uninstall
>>
>> https://fedorahosted.org/freeipa/ticket/5243
>
> BTW some time ago Simo proposed that we should remove caches and old keytabs
> during *install* so problems caused by failing uninstallation will be fixed on
> repeated install. This is yet another step towards idempotent installer.
>
> To me this makes more sense than doing so on uninstall. Does it make sense to
> you, too?
>
If the problem is formulated like this (the endpoint is that services
have their keytabs) then it makes more sense to me. I will rework the
patch accordingly.
--
Martin^3 Babinsky
More information about the Freeipa-devel
mailing list