so that httpd ccache won't contain old credentials which would make ipa CLI fail with error:

Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Decrypt integrity check failed)

https://fedorahosted.org/freeipa/ticket/4726
--
Petr Vobornik
From 4483d0edd36d56245dfd379dd4360b9af5d3bc86 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Thu, 20 Nov 2014 15:11:02 +0100
Subject: [PATCH] restore: clear httpd ccache after restore

so that httpd ccache won't contain old credentials which would make ipa CLI fail with error:

 Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Decrypt integrity check failed)

https://fedorahosted.org/freeipa/ticket/4726
---
 ipaserver/install/ipa_restore.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 8b1e80f5ed5e140ccb17ea0b63d92b6049507b74..72afcc5832bf38074318d98e795a779ee6475f34 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -315,6 +315,8 @@ class Restore(admintool.AdminTool):
                 self.log.info('Restarting SSSD')
                 sssd = services.service('sssd')
                 sssd.restart()
+                http = httpinstance.HTTPInstance()
+                http.remove_httpd_ccache()
         finally:
             try:
                 os.chdir(cwd)
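Review bot: `httpinstance` is referenced on the first added line, but the diffstat shows only these two insertions, so this patch adds no import. Please confirm `ipa_restore.py` already imports `httpinstance`; otherwise the restore will hit a NameError right after `sssd.restart()`. Two smaller points on the same lines: the call sits inside the `try`, so if `remove_httpd_ccache()` can raise, a restore that otherwise succeeded would end in an error, and it may be worth making the cleanup best-effort with a logged warning. Also, a `self.log.info(...)` line or a short comment, matching the 'Restarting SSSD' message above it, would record why the ccache is removed (stale credentials leading to "Decrypt integrity check failed").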
-- 
1.9.3
