URL: https://github.com/freeipa/freeipa/pull/468
Title: #468: Remove non-sensical kdestroy on https stop

martbab commented:
@rcritten I apologize for sounding rude. I misread your comment and interpreted 
it differently than intended.

That said, if the restore to a running IPA server is not intended to be 
supported, why do we have a number of tests for this scenario?  I have tried to 
find some discussion in the design page you posted but did not find any 
discussion of restore into running server, only the steps taken.

@tiran I tend to agree with you now. It seemed like a good idea to purge 
ccaches in the unit file when we switched from KEYRING: to FILE: for apache. 
However the restore use-case is not the only one which can result into stale 
ccache, I can also think about requesting new Apache keytab, restarting the 
service and be left with a stale ccache and key mismatch again.


See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to