Bug 430979 - Require client uninstall
Require client uninstall
Status: CLOSED ERRATA
Product: freeIPA
Classification: Community
Component: ipa-client (Show other bugs)
1.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Simo Sorce
Chandrasekar Kannan
:
Depends On:
Blocks: freeipa10 429034
  Show dependency treegraph
 
Reported: 2008-01-30 16:53 EST by Scott Haines
Modified: 2015-01-22 10:29 EST (History)
1 user (show)

See Also:
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-03-27 03:13:16 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Scott Haines 2008-01-30 16:53:24 EST
Require client uninstall.
Comment 1 Chandrasekar Kannan 2008-02-26 02:21:26 EST
simo raised some concerns about what/how to uninstall. 
per bug council on 02/20 , there was some consensus that the utility
should display appropriate warning before removing/restoring back
configuration.

Comment 2 Yi Zhang 2008-05-23 14:53:33 EDT
where is the client uninstall tool and how to use it?
Comment 3 Simo Sorce 2008-05-23 14:59:49 EDT
ipa-client-install --uninstall
Comment 4 Yi Zhang 2008-05-23 17:16:42 EDT
The build i used is daily build : May 23, 2008
If all ipa-client-install --uninstall do is modify the /etc/ipa/ipa.conf &
/etc/krb5.conf file, Then this bug is fixed. Please verify my understanding.

My test is below

 [root@ipaclient ~]# ipa-client-install --uninstall
Restoring client configuration files
Disabling client Kerberos and Ldap configurations
The original nsswitch.conf configuration has been restored.
You may need to restart services or reboot the machine.
Do you want to reboot the machine? [y/N]: y


--> and after root

[root@ipaclient ~]# vi /etc/ipa/ipa.conf
[root@ipaclient ~]# cat < /etc/ipa/ipa.conf
[defaults]
# realm = EXAMPLE.COM
# server = ipa.example.com

Comment 5 Simo Sorce 2008-05-23 17:40:55 EDT
it also restores the stock nsswitch and pam stacks.
This is all it needs to do, yes.
Comment 6 Yi Zhang 2008-05-29 13:58:40 EDT
QA Verified on May 29, 2008 (Yi)

Build used: May 29, 2008 (i386)


The diff test is below: (for pam stacks /etc/pam.d/system-auth>
<before and after ipa-client uninstall compare>
diff -r /tmp/pam.d/system-auth ./system-auth
7d6
< auth        sufficient    pam_krb5.so use_first_pass
10c9
< account     required      pam_unix.so broken_shadow
---
> account     required      pam_unix.so
12d10
< account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
17d14
< password    sufficient    pam_krb5.so use_authtok
24d20
< session     optional      pam_krb5.so
diff -r /tmp/pam.d/system-auth-ac ./system-auth-ac
7d6
< auth        sufficient    pam_krb5.so use_first_pass
10c9
< account     required      pam_unix.so broken_shadow
---
> account     required      pam_unix.so
12d10
< account     [default=bad success=ok user_unknown=ignore] pam_krb5.so
17d14
< password    sufficient    pam_krb5.so use_authtok
24d20
< session     optional      pam_krb5.so

Note You need to log in before you can comment on or make changes to this bug.