[Freeipa-devel] [freeipa PR#468][comment] Remove non-sensical kdestroy on https stop
martbab
freeipa-github-notification at redhat.com
Wed Feb 15 16:18:06 UTC 2017
URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop
martbab commented:
"""
@rcritten I apologize for sounding rude. I misread your comment and interpreted it differently than intended.
That said, if the restore to a running IPA server is not intended to be supported, why do we have a number of tests for this scenario? I have tried to find some discussion in the design page you posted but did not find any discussion of restore into running server, only the steps taken.
@tiran I tend to agree with you now. It seemed like a good idea to purge ccaches in the unit file when we switched from KEYRING: to FILE: for apache. However the restore use-case is not the only one which can result into stale ccache, I can also think about requesting new Apache keytab, restarting the service and be left with a stale ccache and key mismatch again.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/468#issuecomment-280056786
More information about the Freeipa-devel
mailing list