Bug 749593

Summary: ipa-server-install --uninstall on replica doesn't clear keytab for this host on the master
Product: Red Hat Enterprise Linux 7 Reporter: Namita Soman <nsoman>
Component: ipa Assignee: Martin Kosek <mkosek>
Status: CLOSED NOTABUG QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 7.0 CC: dpal, jgalipea, mkosek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-01-16 11:41:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 756082    

Description Namita Soman 2011-10-27 16:00:46 UTC
Description of problem:
After a replica is uninstalled, the host record is still available on the master. An ipa host-show on this server indicates keytab is still true. Should have been cleared.
  Host name: ipa-replica.testrelm
  Principal name: host/ipa-replica.testrelm@TESTRELM
  Keytab: True
  Password: False
  Managed by: ipa-replica.testrelm

Also when reinstalling replica, have to first run host-del on master to delete this host. So - can it be deleted as part of the uninstall, so that there is no prep for reinstall?

Version-Release number of selected component (if applicable):
ipa-server-2.1.3-4.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Install master, replica
2. Uninstall replica
3. Run ipa host-show <replica host>
  
Actual results:
Host is available, and its keytab is true

Expected results:
Host should not be available, and if available, its keytab should be false.

Additional info:

Comment 2 Rob Crittenden 2011-10-27 16:59:03 UTC
Uninstallation is unauthenticated. You would have to kinit to a user with host privs to be able to do the uninstallation. I've always felt that this was a bit too much.

The keytab in the host entry is not usable, the physical keytab is removed on the replica during the uninstall process.

Comment 3 RHEL Program Management 2011-10-31 05:47:28 UTC
Since RHEL 6.2 External Beta has begun, and this bug remains
unresolved, it has been rejected as it is not proposed as
exception or blocker.

Red Hat invites you to ask your support representative to
propose this request, if appropriate and relevant, in the
next release of Red Hat Enterprise Linux.

Comment 4 Dmitri Pal 2011-11-01 17:50:54 UTC
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2049

Comment 8 Martin Kosek 2015-01-16 11:41:35 UTC
`ipa-replica-manage del` step was missing, see

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/removing-replica.html

Given that FreeIPA behaves as designed, closing this ticket.
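
A check for the state this report describes, as an added example that is not part of the bug thread or of FreeIPA's own code: it parses `ipa host-show` output in the format quoted in the description and reports entries that still exist on the master for hosts known to be uninstalled. The second sample host, the function names and the result keys are constructed for illustration.

```python
# Constructed sample in the format quoted in the report; client1 is invented.
SAMPLE = """\
  Host name: ipa-replica.testrelm
  Principal name: host/ipa-replica.testrelm@TESTRELM
  Keytab: True
  Password: False
  Managed by: ipa-replica.testrelm

  Host name: client1.testrelm
  Principal name: host/client1.testrelm@TESTRELM
  Keytab: True
  Password: False
  Managed by: client1.testrelm
"""


def parse_host_entries(text):
    """Split `ipa host-show` style output into one dict per host entry."""
    entries, current = [], {}
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition(": ")
        if not sep:
            continue  # blank lines, rulers, summary lines carry no field
        if key == "Host name" and current:
            entries.append(current)
            current = {}
        current[key] = value.strip()
    if current:
        entries.append(current)
    return entries


def stale_entries(text, uninstalled_hosts):
    """Report uninstalled hosts that still have an entry on the master."""
    gone = {h.lower().rstrip(".") for h in uninstalled_hosts}
    findings = []
    for entry in parse_host_entries(text):
        name = entry.get("Host name", "").lower()
        if name in gone:
            findings.append({
                "host": name,
                "principal": entry.get("Principal name"),
                # True: the master still stores Kerberos keys for the principal
                "keytab_on_master": entry.get("Keytab") == "True",
            })
    return findings


if __name__ == "__main__":
    for finding in stale_entries(SAMPLE, ["ipa-replica.testrelm"]):
        print(finding)
```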