On 4.11.2015 11:56, Martin Babinsky wrote: > On 10/22/2015 05:32 PM, Petr Spacek wrote: >> On 21.10.2015 17:55, Martin Babinsky wrote: >>> On 10/13/2015 09:17 AM, Petr Spacek wrote: >>>> On 12.10.2015 13:38, Martin Babinsky wrote: >>>>> >>>>> each service possessing Kerberos keytab wiil now remove it and destroy any >>>>> associated credentials cache during its uninstall >>>>> >>>>> https://fedorahosted.org/freeipa/ticket/5243 >>>> >>>> BTW some time ago Simo proposed that we should remove caches and old >>>> keytabs >>>> during *install* so problems caused by failing uninstallation will be >>>> fixed on >>>> repeated install. This is yet another step towards idempotent installer. >>>> >>>> To me this makes more sense than doing so on uninstall. Does it make sense >>>> to >>>> you, too? >>>> >>> >>> Attaching updated patch that does cleanup also before each instance >>> creation. >>> It is a bit ugly I admit, but I couldn't think of a better way to do it and >>> didn't want to poke into service/instance code more than neccesary. >> >> NACK, but we are almost there! >> >> * kdestroy -A is too aggressive and wipes root's keyring after each run of >> ipa-*-install utils. >> >> * There are some scattered leftovers of ipautil.run['kdestroy'...] in the >> tree. Please get rid of them. >> >> Thank you! >> > Attaching updated patch. It got lost somewhere in the list.
ACK, thank you for patience. -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
