Description of problem:
After a replica is uninstalled, the host record is still available on the master. An ipa host-show on this server indicates keytab is still true. Should have been cleared.

  Host name: ipa-replica.testrelm
  Principal name: host/ipa-replica.testrelm@TESTRELM
  Keytab: True
  Password: False
  Managed by: ipa-replica.testrelm

Also, when reinstalling the replica, I have to first run host-del on the master to delete this host. So, can it be deleted as part of the uninstall, so that there is no prep for reinstall?

Version-Release number of selected component (if applicable):
ipa-server-2.1.3-4.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. Install master, replica
2. Uninstall replica
3. Run ipa host-show <replica host>

Actual results:
Host is available, and its keytab is true

Expected results:
Host should not be available, and if available, its keytab should be false.

Additional info:
Uninstallation is unauthenticated. You would have to kinit to a user with host privs to be able to do the uninstallation. I've always felt that this was a bit too much. The keytab in the host entry is not usable; the physical keytab is removed on the replica during the uninstall process.
Since RHEL 6.2 External Beta has begun, and this bug remains unresolved, it has been rejected as it is not proposed as exception or blocker. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2049
The `ipa-replica-manage del` step was missing; see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/removing-replica.html
Given that FreeIPA behaves as designed, closing this ticket.