Title: #468: Remove non-sensical kdestroy on https stop
@rcritten I apologize for sounding rude. I misread your comment and interpreted
it differently than intended.
That said, if the restore to a running IPA server is not intended to be
supported, why do we have a number of tests for this scenario? I have tried to
find some discussion in the design page you posted but did not find any
discussion of restore into running server, only the steps taken.
@tiran I tend to agree with you now. It seemed like a good idea to purge
ccaches in the unit file when we switched from KEYRING: to FILE: for apache.
However the restore use-case is not the only one which can result into stale
ccache, I can also think about requesting new Apache keytab, restarting the
service and be left with a stale ccache and key mismatch again.
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code