Bug 1444787 - Update warning message when KRA installation fails
Summary: Update warning message when KRA installation fails
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.4
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Abhijeet Kasurde
Depends On:
TreeView+ depends on / blocked
Reported: 2017-04-24 09:58 UTC by Abhijeet Kasurde
Modified: 2017-08-01 09:48 UTC (History)
5 users (show)

Fixed In Version: ipa-4.5.0-10.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2017-08-01 09:48:56 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 12:41:35 UTC

Description Abhijeet Kasurde 2017-04-24 09:58:33 UTC
Description of problem:
As per https://github.com/freeipa/freeipa/pull/556/ IPA doesn't allow standalone KRA uninstallation. We should update warning message presented when IPA KRA installation fails with some error. 

# ipa-kra-install
Directory Manager password:

This program will setup Dogtag KRA for the IPA Server.

Configuring KRA server (pki-tomcatd). Estimated time: 2 minutes
  [1/9]: creating installation admin user
  [error] ACIError: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Decrypt integrity check failed)

Your system may be partly configured.
Run ipa-kra-install --uninstall to clean up.

Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Decrypt integrity check failed)
The ipa-kra-install command failed. See /var/log/ipaserver-kra-install.log for more information

Version-Release number of selected component (if applicable):
# rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
package freeipa-server is not installed
package freeipa-client is not installed

How reproducible:

Steps to Reproduce:
1. Install IPA KRA without kinit 

Actual results:
User is presented with 'Run ipa-kra-install --uninstall to clean up.'

Expected results:
Above error should be rephrased as standalone KRA uninstall is not supported. Also, man page should be updated.

Comment 2 Petr Vobornik 2017-05-03 09:45:56 UTC
Upstream ticket:

Comment 5 Abhijeet Kasurde 2017-05-25 09:31:19 UTC
Verified using IPA Server version:: ipa-server-4.5.0-13.el7.x86_64

Warning message is updated to "If you run into issues, you may have to re-install IPA on this server." 

Marking BZ as verified.

Comment 6 errata-xmlrpc 2017-08-01 09:48:56 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.