-
Story
-
Resolution: Unresolved
-
Undefined
-
None
-
None
-
None
-
None
-
rhel-idm-uah
-
None
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
None
The testing work that was done for the freeipa#7861 pull request has shown that IPA is missing an automated mechanism renew IPA service keys and their keytabs when support for new key/salt types is introduced. Not doing so may eventually make upgrade to new RHEL versions impossible.
This process should be automated, but there might be ways to still accept the previous versions of the service keys to not invalidate active tickets.