[30260] in Kerberos
Renaming Realm
daemon@ATHENA.MIT.EDU (petesea@bigfoot.com)
Tue Sep 2 11:28:22 2008
Date: Tue, 02 Sep 2008 08:26:53 -0700 (PDT)
From: petesea@bigfoot.com
To: kerberos@mit.edu
Message-id: <alpine.OSX.1.10.0809020754040.11768@zippy-air>
MIME-version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Is there an easy way to rename a realm?
I have a simple Kerberos setup I use for testing. It's isolated to just
one KDC and a few client systems.
I'd like to rename the realm (from TEST.ORG -> TEST.LAN), but was
wondering if there's a relatively easy way to do this, other then manually
starting over. And, given the size of my setup, perhaps that is the
easiest.
At a minimum, I realize the krb5.conf file and any application keytabs
will need to be changed on each client and (I assume) the following will
need to be changed on the KDC:
/etc/krb5.conf
/etc/krb5.keytab
/var/kerberos/krb5kdc/.k5.TEST.ORG
/var/kerberos/krb5kdc/kdc.conf
/var/kerberos/krb5kdc/kadm5.acl
/var/kerberos/krb5kdc/kadm5.keytab
/var/kerberos/krb5kdc/principal
/var/kerberos/krb5kdc/principal.kadm5
It appears I may be able to use kdb5_util (dump->destroy->create->load),
but I'm not so sure about the order of things or what I will need to
modify. eg, do I need to manually change/recreate kadm5.acl, kadm5.keytab
and the stash file or will the "create" do that for me?
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
