#4956 SSSD database is not cleared between installs and uninstalls of ipa
Closed: Fixed None Opened 9 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1204054

Description of problem:

/var/lib/sss/db is not cleared between subsequent installs and uninstalls of
the ipa-server with the same domain name. Since the server is also a client,
this creates problems with SSSD's authentication on the server. The database
entries from the first installation are still referred to even after the server
itself has been uninstalled, and a new one (same config as the previous one)
has been installed.

Version-Release number of selected component (if applicable):

ipa  4.1.0
sssd 1.12.2

How reproducible:
Easily

Steps to Reproduce:

1. ipa-server-install
2. service sshd restart
3. kinit admin   <- This always works
4. ssh admin@localhost  <- This works for the first time, fails second time
onwards
   ssh admin@ipa_server from external system   <- This also works the first
time, fails second time onwards
5. ipa-server-install --uninstall
6. goto 1

Actual results:

Permission denied

Expected results:

Successful login

Additional info:

Although this happens on the server, this is a client issue as experienced by
the client implicitly installed on the server. It should also be verified that
actual clients don't face this problem when the ipa server is re-installed or
migrated to a different system, and the client needs to re-register.

This ticket is not critical for 4.2 GA and can be done in follow-up stabilization release - postponing.

That's great, as #5049 was fixed:

master:[[BR]]
3772993 Clear SSSD caches when uninstalling the client

ipa-4-1:[[BR]]
222427c Clear SSSD caches when uninstalling the client

Metadata Update from @pvoborni:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.2

7 years ago

Login to comment on this ticket.

Metadata