[36489] in Kerberos
Re: Migrating to new Kerb server - How to move all principals and
daemon@ATHENA.MIT.EDU (Benjamin Kaduk)
Thu Sep 18 20:43:53 2014
Date: Thu, 18 Sep 2014 20:43:35 -0400 (EDT)
From: Benjamin Kaduk <kaduk@mit.edu>
To: "Vignesh, Vanna G." <vignesh@musc.edu>
In-Reply-To: <52B62D8E-4E80-43FB-9B82-D3A046945761@musc.edu>
Message-ID: <alpine.GSO.1.10.1409182039250.21571@multics.mit.edu>
MIME-Version: 1.0
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On Thu, 18 Sep 2014, Vignesh, Vanna G. wrote:
> Hello Rick,
>
> I think there is no back end store. All the principals are created by
> running add princ command. All the data rest within the Kerberos. Is
> there no way I can retrieve it to other Kerberos master server?
The standard way to do this is to run kdb5_util dump on the old machine
and kdb5_util load on the new one. (The new one will need the master key,
whether from retyping the master password or copying the stash file.)
In many cases, one can just copy the database files and stash file and
start up the new KDC, but 1.4 is pretty old and I would have to check to
make sure it would be expected to work with database files that old.
-Ben Kaduk
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
