Bug 712162
Summary: | Re-joining a host appends the keytab with an existing KVNO. | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Gowrishankar Rajaiyan <grajaiya> |
Component: | doc-Identity_Management_Guide | Assignee: | Deon Ballard <dlackey> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | ecs-bugs |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.2 | CC: | dlackey, dpal, jgalipea, jskeoch, kchamart, mkosek |
Target Milestone: | rc | Keywords: | Documentation, Reopened |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2011-12-12 19:15:22 UTC | Type: | --- |
Description
Gowrishankar Rajaiyan
2011-06-09 16:34:43 UTC
This is not a valid test. ipa-join does not claim to remove keytab entries (in fact ipa-rmkeytab does). ipa-client-install should be used to unenroll a client, not ipa-join -u.

Then it doesn't make any sense to me to have this confusing option (-u) for ipa-join.

    # ipa-join --help
    Usage: ipa-join [OPTION...]
      -d, --debug              Print the raw XML-RPC output in GSSAPI mode
      -q, --quiet              Quiet mode. Only errors are displayed.
      -u, --unenroll           Unenroll this host from IPA server
      -h, --hostname=hostname  Hostname of this server
      -s, --server=hostname    IPA Server to use
      -k, --keytab=filename    Specifies where to store keytab information.
      -w, --bindpw=password    LDAP password (if not using Kerberos)

I don't see this option in 5.7 client:

    [root@drifter ~]# ipa-join --help
    Usage: ipa-join [OPTION...]
      -d, --debug                          Print the raw XML-RPC output
      -q, --quiet                          Print as little as possible
      -h, --hostname=Host Name             Use this hostname instead of the node name
      -s, --server=IPA Server Name         IPA Server to use
      -k, --keytab=Keytab File Name        File were to store the keytab information
      -w, --bindpw=password to use if not using kerberos     LDAP password

    Help options:
      -?, --help                           Show this help message
      --usage                              Display brief usage message
    [root@drifter ~]# rpm -qf `which ipa-join`
    ipa-client-2.0-10.el5_6.1

The functionality is correct. IMO it is not a bug. Yes, it is a bit confusing, but AFAIR we already talked about it and did not find a way to make it less confusing. ipa-client-install --uninstall should be used to uninstall the client. ipa-join -u is a utility function called in this process. If you want to do things manually you need to be aware that ipa-join -u is just a part of the process and does not do everything. Maybe we should have a paragraph about this in the manual. Shall we turn this into a documentation bug?

And the man pages, as we already discussed, could use some work.

Reopening as a doc bug.

I added a section on uninstalling clients: http://documentation-stage.bne.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/96.2/html/Enterprise_Identity_Management_Guide/uninstalling-clients.html