Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 430979

Summary: Require client uninstall
Product: [Retired] freeIPA Reporter: Scott Haines <shaines>
Component: ipa-clientAssignee: Simo Sorce <ssorce>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: medium    
Version: 1.0CC: benl
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: freeipa-2.0.0-1.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-27 07:13:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 246164, 429034    

Description Scott Haines 2008-01-30 21:53:24 UTC
Require client uninstall.

Comment 1 Chandrasekar Kannan 2008-02-26 07:21:26 UTC
simo raised some concerns about what/how to uninstall. 
per bug council on 02/20 , there was some consensus that the utility
should display appropriate warning before removing/restoring back
configuration.



Comment 2 Yi Zhang 2008-05-23 18:53:33 UTC
where is the client uninstall tool and how to use it?

Comment 3 Simo Sorce 2008-05-23 18:59:49 UTC
ipa-client-install --uninstall

Comment 4 Yi Zhang 2008-05-23 21:16:42 UTC
The build i used is daily build : May 23, 2008
If all ipa-client-install --uninstall do is modify the /etc/ipa/ipa.conf &
/etc/krb5.conf file, Then this bug is fixed. Please verify my understanding.

My test is below

 [root@ipaclient ~]# ipa-client-install --uninstall
Restoring client configuration files
Disabling client Kerberos and Ldap configurations
The original nsswitch.conf configuration has been restored.
You may need to restart services or reboot the machine.
Do you want to reboot the machine? [y/N]: y


--> and after root

[root@ipaclient ~]# vi /etc/ipa/ipa.conf
[root@ipaclient ~]# cat < /etc/ipa/ipa.conf
[defaults]
# realm = EXAMPLE.COM
# server = ipa.example.com



Comment 5 Simo Sorce 2008-05-23 21:40:55 UTC
it also restores the stock nsswitch and pam stacks.
This is all it needs to do, yes.

Comment 6 Yi Zhang 2008-05-29 17:58:40 UTC
QA Verified on May 29, 2008 (Yi)

Build used: May 29, 2008 (i386)


The diff test is below: (for pam stacks /etc/pam.d/system-auth>
<before and after ipa-client uninstall compare>
diff -r /tmp/pam.d/system-auth ./system-auth
7d6
< auth        sufficient    pam_krb5.so use_first_pass
10c9
< account     required      pam_unix.so broken_shadow
---
> account     required      pam_unix.so
12d10
< account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
17d14
< password    sufficient    pam_krb5.so use_authtok
24d20
< session     optional      pam_krb5.so
diff -r /tmp/pam.d/system-auth-ac ./system-auth-ac
7d6
< auth        sufficient    pam_krb5.so use_first_pass
10c9
< account     required      pam_unix.so broken_shadow
---
> account     required      pam_unix.so
12d10
< account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
17d14
< password    sufficient    pam_krb5.so use_authtok
24d20
< session     optional      pam_krb5.so