When a user wants to reinstall a replica it hits the problem that DS uses a memory ccache and keeps old tickets (against an old set of keys) in the belly until they expire. If a replica is removed and then recreated with the same name then DS will try to use the old ticket to perform GSSAPI auth during replication. This will fail because the ticket is no longer usable by the new replica.
DS should drop the ticket from the ccache (or drop the whole ccache, whichever is easier) when it gets an authentication error using GSSAPI on replication.
Cloned to DS as https://fedorahosted.org/389/ticket/366
NOTE: closing the ipa one as invalid as it should have been a 389ds one from the start.
Metadata Update from @simo: - Issue assigned to someone - Issue set to the milestone: 0.0 NEEDS_TRIAGE
Log in to comment on this ticket.