What you're seing is Kerberos single sign on in action. You might log out of the web interface, but the next time you open firefox a new automatic sign on by kerberos is happening.
If you kdestroy your kerberos credentials you can no longer access any kerberized services, until you request new kerberos credentials. You can check this by accessing the ipa web interface, run "klist", see that there is a HTTP/your-ipa-server.fqdn. Run "kinit", then run "klist" and all your tickets are gone. Access the IPA web interface again, run klist and you'll see a HTTP/your-ipa-server.fqdn. Kerberos single sign on in action. :) Rgds, Siggi On Fri, July 27, 2012 06:39, Steven Jones wrote: > So if i just click on logout, I should just logout as if i kdestroy'd? > > > If so, when I do that why doesnt that "cleanup" occur? > > > regards > > Steven Jones > > > Technical Specialist - Linux RHCE > > > Victoria University, Wellington, NZ > > > 0064 4 463 6272 > > > ________________________________________ > From: Simo Sorce [[email protected]] > Sent: Friday, 27 July 2012 4:01 p.m. > To: Steven Jones > Cc: [email protected] > Subject: Re: [Freeipa-users] unable to logout of IPA > > > On Fri, 2012-07-27 at 03:14 +0000, Steven Jones wrote: > >> When in IPA, when I click on the "logout" I expect to logout so I can login >> as another user, >> >> >> ======= >> Logged In As: steven jones | Logout >> ======= >> >> >> Clicking on logout, and clearing history in Firefox and even closing all >> instances of Firefox >> and restarting see me looged back in as my adm account... >> >> So what do I need to do to flush? reboot my workstation? >> > > logout or manually run kdestroy > > Simo. > > > -- > Simo Sorce * Red Hat, Inc * New York > > > > > > _______________________________________________ > Freeipa-users mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/freeipa-users > > _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
