a0d9026 server uninstall fails to remove krb principals

1 file Authored by frenaud 2 years ago , Committed by mbasti 2 years ago ,
    server uninstall fails to remove krb principals
    
    This patch fixes the 3rd issue of ticket 6012:
    ipa-server-install --uninstall -U
    complains while removing Kerberos service principals from /etc/krb5.keytab
    ----
    Failed to remove Kerberos service principals: Command '/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r DOM-221.ABC.IDM.LAB.ENG.BRQ.REDHAT.COM' returned non-zero exit status 5
    ----
    
    This happens because the uninstaller performs the following sequence:
    1/ restore pre-install files, including /etc/krb5.keytab
    At this point /etc/krb5.keytab does not contain any principal for
    IPA domain
    2/ call ipa-client-install --uninstall, which in turns runs
    ipa-rmkeytab -k /etc/krb5.keytab -r <domain>
    to remove the principals.
    
    The fix ignores ipa-rmkeytab's exit code 5 (Principal name or realm not
    found in keytab)
    
    https://fedorahosted.org/freeipa/ticket/6012
    
    Reviewed-By: Martin Basti <mbasti@redhat.com>
    
        
file modified
+7 -0