#2736 Change DS to purge ticket from cache in case of authentication error
Closed: Invalid None Opened 10 years ago by simo.

When a user wants to reinstall a replica it hits the problem that DS uses a memory ccache and keeps old tickets (against an old set of keys) in the belly until they expire.
If a replica is removed and then recreated with the same name then DS will try to use the old ticket to perform GSSAPI auth during replication. This will fail because the ticket is no longer usable by the new replica.

DS should drop the ticket from the ccache (or drop the whole ccache, whichever is easier) when it gets an authentication error using GSSAPI on replication.

Cloned to DS as https://fedorahosted.org/389/ticket/366

NOTE: closing the ipa one as invalid as it should have been a 389ds one from the start.

Metadata Update from @simo:
- Issue assigned to someone
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

5 years ago

Login to comment on this ticket.