[Freeipa-users] ipa-server-install --uninstall leaves httpd crippled ?
Rob Crittenden
rcritten at redhat.com
Thu May 26 13:37:30 UTC 2016
Abhijeet Kasurde wrote:
> Hi all,
>
> I am able to reproduce this issue.
>
> Here is some last messages of /var/log/httpd/error_log
>
> [Thu May 26 17:13:36.269546 2016] [mpm_prefork:notice] [pid 17657]
> AH00170: caught SIGWINCH, shutting down gracefully
> [Thu May 26 17:14:42.196661 2016] [core:notice] [pid 23685] SELinux
> policy enabled; httpd running as context system_u:system_r:httpd_t:s0
> [Thu May 26 17:14:42.208531 2016] [suexec:notice] [pid 23685] AH01232:
> suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
> [Thu May 26 17:14:42.208561 2016] [:warn] [pid 23685]
> NSSSessionCacheTimeout is deprecated. Ignoring.
> [Thu May 26 17:14:42.599338 2016] [:error] [pid 23685] Password for slot
> internal is incorrect.
> [Thu May 26 17:14:42.602821 2016] [:error] [pid 23685] NSS
> initialization failed. Certificate database: /etc/httpd/alias.
> [Thu May 26 17:14:42.602849 2016] [:error] [pid 23685] SSL Library
> Error: -8177 The security password entered is incorrect
>
> Steps used to reproduce:
>
> 1. Install httpd
> 2. Install ipa-server
> 3. Configure ipa-server
> 4. Uninstall ipa-server
Try changing NSSPassPhraseDialog to builtin in nss.conf and restarting.
IIRC the original databases are restored but the IPA password is being used.
rob
>
> On 05/26/2016 05:13 PM, Martin Babinsky wrote:
>> On 05/26/2016 12:12 PM, lejeczek wrote:
>>> hi people
>>>
>>> I've noticed that --uninstall leaves httpd unable to restart.
>>>
>>> I think it's what was not cleaned up in /etc/httpd/alias
>>>
>>> I logs I see:
>>>
>>> [Thu May 26 11:03:43.318091 2016] [:error] [pid 6930] NSS initialization
>>> failed. Certificate database: /etc/httpd/alias.
>>> [Thu May 26 11:03:43.318113 2016] [:error] [pid 6930] SSL Library Error:
>>> -8177 The security password entered is incorrect
>>>
>>> am I correct? Should the process not take care of that db?
>>>
>>> regards
>>>
>>> L.
>>>
>> Hi,
>>
>> this is a known issue and we have a ticket for it:
>>
>> https://fedorahosted.org/freeipa/ticket/4639
>>
>
More information about the Freeipa-users
mailing list