Require client uninstall.
simo raised some concerns about what/how to uninstall. per bug council on 02/20 , there was some consensus that the utility should display appropriate warning before removing/restoring back configuration.
where is the client uninstall tool and how to use it?
ipa-client-install --uninstall
The build i used is daily build : May 23, 2008 If all ipa-client-install --uninstall do is modify the /etc/ipa/ipa.conf & /etc/krb5.conf file, Then this bug is fixed. Please verify my understanding. My test is below [root@ipaclient ~]# ipa-client-install --uninstall Restoring client configuration files Disabling client Kerberos and Ldap configurations The original nsswitch.conf configuration has been restored. You may need to restart services or reboot the machine. Do you want to reboot the machine? [y/N]: y --> and after root [root@ipaclient ~]# vi /etc/ipa/ipa.conf [root@ipaclient ~]# cat < /etc/ipa/ipa.conf [defaults] # realm = EXAMPLE.COM # server = ipa.example.com
it also restores the stock nsswitch and pam stacks. This is all it needs to do, yes.
QA Verified on May 29, 2008 (Yi) Build used: May 29, 2008 (i386) The diff test is below: (for pam stacks /etc/pam.d/system-auth> <before and after ipa-client uninstall compare> diff -r /tmp/pam.d/system-auth ./system-auth 7d6 < auth sufficient pam_krb5.so use_first_pass 10c9 < account required pam_unix.so broken_shadow --- > account required pam_unix.so 12d10 < account [default=bad success=ok user_unknown=ignore] pam_krb5.so 17d14 < password sufficient pam_krb5.so use_authtok 24d20 < session optional pam_krb5.so diff -r /tmp/pam.d/system-auth-ac ./system-auth-ac 7d6 < auth sufficient pam_krb5.so use_first_pass 10c9 < account required pam_unix.so broken_shadow --- > account required pam_unix.so 12d10 < account [default=bad success=ok user_unknown=ignore] pam_krb5.so 17d14 < password sufficient pam_krb5.so use_authtok 24d20 < session optional pam_krb5.so