URL: https://github.com/freeipa/freeipa/pull/468 Title: #468: Remove non-sensical kdestroy on https stop
martbab commented: """ @rcritten I apologize for sounding rude. I misread your comment and interpreted it differently than intended. That said, if the restore to a running IPA server is not intended to be supported, why do we have a number of tests for this scenario? I have tried to find some discussion in the design page you posted but did not find any discussion of restore into running server, only the steps taken. @tiran I tend to agree with you now. It seemed like a good idea to purge ccaches in the unit file when we switched from KEYRING: to FILE: for apache. However the restore use-case is not the only one which can result into stale ccache, I can also think about requesting new Apache keytab, restarting the service and be left with a stale ccache and key mismatch again. """ See the full comment at https://github.com/freeipa/freeipa/pull/468#issuecomment-280056786
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code