so that httpd ccache won't contain old credentials which would make ipa CLI fail with error:

Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Decrypt integrity check failed)


https://fedorahosted.org/freeipa/ticket/4726
--
Petr Vobornik
From 4483d0edd36d56245dfd379dd4360b9af5d3bc86 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Thu, 20 Nov 2014 15:11:02 +0100
Subject: [PATCH] restore: clear httpd ccache after restore

so that httpd ccache won't contain old credentials which would make ipa CLI fail with error:

 Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Decrypt integrity check failed)

https://fedorahosted.org/freeipa/ticket/4726
---
 ipaserver/install/ipa_restore.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 8b1e80f5ed5e140ccb17ea0b63d92b6049507b74..72afcc5832bf38074318d98e795a779ee6475f34 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -315,6 +315,8 @@ class Restore(admintool.AdminTool):
                 self.log.info('Restarting SSSD')
                 sssd = services.service('sssd')
                 sssd.restart()
+                http = httpinstance.HTTPInstance()
+                http.remove_httpd_ccache()
         finally:
             try:
                 os.chdir(cwd)
-- 
1.9.3

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to