[31822] in Kerberos
Copying/Moving Principals from One Realm to Another
daemon@ATHENA.MIT.EDU (Holger Rauch)
Wed Dec 30 05:17:32 2009
Date: Wed, 30 Dec 2009 11:16:40 +0100
From: Holger Rauch <holger.rauch@empic.de>
To: kerberos@mit.edu
Message-ID: <20091230101640.GB2008@heitec.de>
Hi,
I'm using MIT Kerberos on a Debian Lenny system. All Kerberos-related
info is stored in an LDAP DIT (the realm was initialized by using
kdb5_ldap_util).
Now I've created a second realm whose contents reside in the same DIT
since our machines will be moving to a new subnet and a different DNS
domain will be used as well.
Now I'm faced with two choices:
a) leave the principals where they are and use cross realm
authentication so that users can authenticate against both realms.
b) moving (and possibly renaming) all principals from the old realm to
the new one
Is b) possible at all and if so, does anybody have any scripts that
he/she is willing to share?
Are there any other important points to consider when moving
"kerberized" machines from one subnet/DNS domain to another (besides
the most obvious ones, like changing IP addresses/host names)?
Thanks in advance & kind regards,
Holger
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos