Description of problem:
As per https://github.com/freeipa/freeipa/pull/556/ IPA doesn't allow standalone KRA uninstallation. We should update warning message presented when IPA KRA installation fails with some error.
Directory Manager password:
This program will setup Dogtag KRA for the IPA Server.
Configuring KRA server (pki-tomcatd). Estimated time: 2 minutes
[1/9]: creating installation admin user
[error] ACIError: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Decrypt integrity check failed)
Your system may be partly configured.
Run ipa-kra-install --uninstall to clean up.
Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Decrypt integrity check failed)
The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log for more information
Version-Release number of selected component (if applicable):
# rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
package freeipa-server is not installed
package freeipa-client is not installed
Steps to Reproduce:
1. Install IPA KRA without kinit
User is presented with 'Run ipa-kra-install --uninstall to clean up.'
Above error should be rephrased as standalone KRA uninstall is not supported. Also, man page should be updated.
Verified using IPA Server version:: ipa-server-4.5.0-13.el7.x86_64
Warning message is updated to "If you run into issues, you may have to re-install IPA on this server."
Marking BZ as verified.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.