[24055] in Kerberos
Changing realm name of a production database
daemon@ATHENA.MIT.EDU (fsoliv)
Thu Jun 9 09:58:41 2005
Message-ID: <4e9e334805060906575755312c@mail.gmail.com>
Date: Thu, 9 Jun 2005 14:57:43 +0100
From: fsoliv <fsoliv@gmail.com>
To: kerberos@mit.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Reply-To: fsoliv <fsoliv@gmail.com>
Errors-To: kerberos-bounces@mit.edu
Hello,
After analizing my principals I saw the following with getprinc:
kadmin.local: getprinc test
Principal: testeFoliv@ABCD.COM
Expiration date: [never]
Last password change: Fri Jun 03 16:42:33 WEST 2005
Password expiration date: Sat Jun 03 16:42:33 WEST 2006
Maximum ticket life: 0 days 12:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Fri Jun 03 16:42:33 WEST 2005 (admin/admin@ABCD.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 14, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 14, DES cbc mode with CRC-32, no salt
Attributes:
Policy: default
In the key tag I can see that no slat was used. Does this mean that I
can edit the dump, change the realm name ? I don't think I will have a
slat issues (generated by the OLD realm). Is this true? Or do I need
to use KRB5_KDB_SALTTYPE_SPECIAL?
Any help or advice is appretiated....
Rgrds,
F.
>Will I be able to convert my principal name by dumping the current
>database with kdb5_util and then editing the file and changing the
>realm name on each principal?
>This way, I would load the new database an upgrade all keytabs.
>Is this possible??
>F.
>Hello,
>I have installed one realm but now I need to change all my principals
>(mainly users) to a new realm.
>Can I export the users from my old realm to the new one? How can I fo that?
>I am using krb5-1.4.1.
>Regards,
>F.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
