I'm getting following failure after ipa-restore
ipa: ERROR: Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Decrypt integrity check failed)
Steps to reproduce: 1. install IPA 1. backup 1. uninstall IPA 1. install IPA 1. restore 1. kinit admin 1. ipa user-find (FAILED)
Comment by simo: Decryption can fail only if keys were replaced, int hat case you would have to purge also all contents of memcached as well as do something for all clients that have tickets for old keys.
Todo: check which branches are affected
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1265559
master:
ipa-4-2:
Metadata Update from @mbasti: - Issue assigned to mbabinsk - Issue set to the milestone: FreeIPA 4.2.2
Login to comment on this ticket.