Issue #5296: GSS failure after ipa-restore - freeipa

freeipa

#5296 GSS failure after ipa-restore

Closed: Fixed None Opened 8 years ago by mbasti.

I'm getting following failure after ipa-restore

ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Decrypt integrity check failed)

Steps to reproduce:
1. install IPA
1. backup
1. uninstall IPA
1. install IPA
1. restore
1. kinit admin
1. ipa user-find (FAILED)

pvoborni commented 8 years ago

Comment by simo: Decryption can fail only if keys were replaced, int hat case you would have to purge also all contents of memcached as well as do something for all clients that have tickets for old keys.

Todo: check which branches are affected

jcholast commented 8 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1265559

mbasti commented 8 years ago

master:

93d080d destroy httpd ccache after stopping the service

ipa-4-2:

23f1d4e destroy httpd ccache after stopping the service

Metadata Update from @mbasti:
- Issue assigned to mbabinsk
- Issue set to the milestone: FreeIPA 4.2.2

7 years ago

Metadata

Assignee

mbabinsk

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 4.2.2

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

Backup

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1265559

tester

None

changelog

None

design

None

freeipa

Source Code

#5296 GSS failure after ipa-restore Closed: Fixed None Opened 8 years ago by mbasti.

Metadata

#5296 GSS failure after ipa-restore

Closed: Fixed None Opened 8 years ago by mbasti.