On 21.10.2015 17:55, Martin Babinsky wrote:
> On 10/13/2015 09:17 AM, Petr Spacek wrote:
>> On 12.10.2015 13:38, Martin Babinsky wrote:
>>>
>>> each service possessing Kerberos keytab wiil now remove it and destroy any
>>> associated credentials cache during its uninstall
>>>
>>> https://fedorahosted.org/freeipa/ticket/5243
>>
>> BTW some time ago Simo proposed that we should remove caches and old keytabs
>> during *install* so problems caused by failing uninstallation will be fixed 
>> on
>> repeated install. This is yet another step towards idempotent installer.
>>
>> To me this makes more sense than doing so on uninstall. Does it make sense to
>> you, too?
>>
> 
> Attaching updated patch that does cleanup also before each instance creation.
> It is a bit ugly I admit, but I couldn't think of a better way to do it and
> didn't want to poke into service/instance code more than neccesary.

NACK, but we are almost there!

* kdestroy -A is too aggressive and wipes root's keyring after each run of
ipa-*-install utils.

* There are some scattered leftovers of ipautil.run['kdestroy'...] in the
tree. Please get rid of them.

Thank you!

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to