Description of problem: When we use --remove option with realm leave, it also deletes computer account from AD. With just realm leave it does not. 1. When we use realm leave --remove it asks for Admin user credentials. So the requirement here is if I have a valid kerberos ticket, then it should use that ticket to remove system from AD domain and should not ask for credentials. 2. The above scenario works with realm join as its possible to join the domain without credentials if we have a valid kerberos ticket. This should work for realm leave --remove as well. Version-Release number of selected component (if applicable): How reproducible: [Always] Steps to Reproduce: 1. # realm leave --remove Actual results: # realm --remove leave Password for Administrator: Expected results: # realm --remove leave # [It should leave domain without asking for Admin credentials if a valid kerberos ticket is present] Additional info: [NA]
Also, in case the user is specified with "-U" there needs to be a provision to check the kerberos token for that user instead of Admin user.