[38332] in Kerberos
Re: "kdb5_util load -update" best practice
daemon@ATHENA.MIT.EDU (John Devitofranceschi)
Mon Sep 24 07:07:40 2018
From: John Devitofranceschi <jdvf@optonline.net>
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Mon, 24 Sep 2018 07:07:19 -0400
To: Greg Hudson <ghudson@mit.edu>, kerberos@mit.edu
In-Reply-To: <bae7fba7-bc3e-bce7-c183-ef250f7c662e@mit.edu>
Message-Id: <08BFA23F-FDE9-452D-8952-6C29655FAD6E@optonline.net>
Content-Type: multipart/mixed; boundary="===============1102823182924321804=="
Errors-To: kerberos-bounces@mit.edu
--===============1102823182924321804==
Content-Type: multipart/signed;
boundary="Apple-Mail=_C8A9E3BC-1E34-4C0D-9D1C-7AFDA1ADC253";
protocol="application/pkcs7-signature"; micalg=sha1
--Apple-Mail=_C8A9E3BC-1E34-4C0D-9D1C-7AFDA1ADC253
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
charset=utf-8
> On Sep 22, 2018, at 10:39 AM, Greg Hudson <ghudson@MIT.EDU> wrote:
>=20
> On 09/22/2018 09:44 AM, John Devitofranceschi wrote:
>> In order to remedy this, we tried using a pre-mistake backup (dump =
format) of the kdb to restore the principals:
>> kdb5_util load -update dumpfile principal
>> However this did not work. This is what=E2=80=99s documented in the =
MIT docs. We were expecting to be able to run this once per missing =
principal.
>=20
> I found an example in database.rst which implies this capability, and =
yeah, it's wrong. The kdb5_util man page instead says that load has an =
optional dbname parameter at the end, which is also wrong (and wouldn't =
make much sense; such a parameter would be redundant with kdb5_util -d).
>=20
> I will consider adding a principal matching feature to kdb5_util load, =
and will definitely make a pass over the dump/load documentation for =
accuracy.
Thanks!
>=20
>> Is there any easier way to do this?
>=20
> I probably would have filtered the dump file with text processing.
>=20
So, just put the header line and then any needed principals from the =
backup dump into a text file? That=E2=80=99s all there is to it?
--Apple-Mail=_C8A9E3BC-1E34-4C0D-9D1C-7AFDA1ADC253
Content-Disposition: attachment;
filename=smime.p7s
Content-Type: application/pkcs7-signature;
name=smime.p7s
Content-Transfer-Encoding: base64
MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIF6DCCBeQw
ggPMoAMCAQICAxLKjjANBgkqhkiG9w0BAQ0FADB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQL
ExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRob3Jp
dHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZzAeFw0xNzAzMTIxNzEzMThaFw0x
OTAzMTIxNzEzMThaMIGFMR4wHAYDVQQDExVKb2huIERldml0b2ZyYW5jZXNjaGkxITAfBgkqhkiG
9w0BCQEWEmpkdmZAb3B0b25saW5lLm5ldDEfMB0GCSqGSIb3DQEJARYQamR2ZkBob3RtYWlsLmNv
bTEfMB0GCSqGSIb3DQEJARYQZm9vbm9uQGdtYWlsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAK4hgmTqZnFEjGB/yk+/J5guSzz71ZVuemKLvEmRvDznUHJ/o8+NqgdWc87WILzB
8cCgfvjR8gtCe555md2xYof9NrNuFShKfTpP5mvG/ny4RYn1uq6FVgY5qBgz+4UDzE3W1ZniRIT6
EruOeawVpsl03AmaSbQNPXZTpxr6BiIfdnhEexuxXdJX9ytMM2yf20U/L/hmIuu+ML9bvXdsJNHn
iytTxDxB4v1BaplLKnQIvr8nvP8MuaOSUDP6SrAOkXgLFG0lqB6YLSW66aj1i1YHkQDK95iO+X0C
3l7iLJvCiVnG/PTFNdu2mZrJ0KzVzI0SJwvH4v0qSMcc8WaQ55cCAwEAAaOCAWYwggFiMAwGA1Ud
EwEB/wQCMAAwVgYJYIZIAYb4QgENBEkWR1RvIGdldCB5b3VyIG93biBjZXJ0aWZpY2F0ZSBmb3Ig
RlJFRSBoZWFkIG92ZXIgdG8gaHR0cDovL3d3dy5DQWNlcnQub3JnMA4GA1UdDwEB/wQEAwIDqDBA
BgNVHSUEOTA3BggrBgEFBQcDBAYIKwYBBQUHAwIGCisGAQQBgjcKAwQGCisGAQQBgjcKAwMGCWCG
SAGG+EIEATAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAGGFmh0dHA6Ly9vY3NwLmNhY2VydC5v
cmcwMQYDVR0fBCowKDAmoCSgIoYgaHR0cDovL2NybC5jYWNlcnQub3JnL3Jldm9rZS5jcmwwQQYD
VR0RBDowOIESamR2ZkBvcHRvbmxpbmUubmV0gRBqZHZmQGhvdG1haWwuY29tgRBmb29ub25AZ21h
aWwuY29tMA0GCSqGSIb3DQEBDQUAA4ICAQC2uTTSiclC649DuZ4wZpxkBUx15elSc1ez7SPjtPUW
oTK/wPgDPK93oWrzRrDEGwDnZeH6NB3odNuNC4rzkL9N9SWTcic/s56owVlN/LUGDhn8cXOJ/Aw/
3b0VrX66GbL/XNhe8/Ttw3DVPZveHsQzhTR9F0GQjInWl6jPS3q6tozwTawpFb7miP8LP3vWlNxL
QouvuJhBTbE2lhWws4GEErKb+g5M8EJE4LWAfwTLXqs1U1PGo9barPQkxCA7Vy7hL8Ry6pXVDNlz
hA0I+xM7ov+YquRy9yFfMPRunE/PYI3E4BFbWzginnXQ0s2kgyIt6qy1CeW/vrO+B6CZ+kXzr90f
5sMeeowmIf3UQibevmDqZ2opG2HbdUdOYxVLc1VdqwQ5VYyBvmYafu+S+p44x9Q/1rgyCDLF/Ecn
60xjCRvzIT23s/2/NU5evCGRta2Zo1e4fGcm8zsmfyPwZGkIPCXcE8Q9jZA6M2dJaM+psQMUg5Bf
bhXtFQTaj+lrZwmfWFnbWB+wd5hlDcnJRtw+wf/cknndHNYiwIsn4GDzojy5d9N8+3y/ompR0+Dw
cCzUDLkBvMu79N5Q1r663nE7umkYZBtmhhMbMN5+77ddJSIqf5MaOAO/QuAKOjmKsWSUv9uZH0oH
75GpU9OYJhOVUG9xfpbvY4vhBiAWJj12DTGCAzMwggMvAgEBMIGAMHkxEDAOBgNVBAoTB1Jvb3Qg
Q0ExHjAcBgNVBAsTFWh0dHA6Ly93d3cuY2FjZXJ0Lm9yZzEiMCAGA1UEAxMZQ0EgQ2VydCBTaWdu
aW5nIEF1dGhvcml0eTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBjYWNlcnQub3JnAgMSyo4wCQYF
Kw4DAhoFAKCCAYcwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcNMTgw
OTI0MTEwNzIwWjAjBgkqhkiG9w0BCQQxFgQUCAAUgO8r6j9dAql4rZZZOenERuowgZEGCSsGAQQB
gjcQBDGBgzCBgDB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2Vy
dC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEW
EnN1cHBvcnRAY2FjZXJ0Lm9yZwIDEsqOMIGTBgsqhkiG9w0BCRACCzGBg6CBgDB5MRAwDgYDVQQK
EwdSb290IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENl
cnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZwID
EsqOMA0GCSqGSIb3DQEBAQUABIIBAHJV+85XUqJDT78NGtNAu6lknpCOJFNqjwJ3FjY7NAgRLwaF
h6ZEoBqSpUNnqO5mZ53tOflrrCJ6g8mSmut5w70OAywJwG8M0vjJpzPVo2WenUUMoThshP1MYPdr
sLt/U+OGxrfwfzmlOBQe974XyAWwiLhnFsQR4Z5BLAmPrqxPbtVNJI/sDCuOFlB++r8ZOMoiVwTl
1c1IbiheLjngCgYJjaJ9mH5bU41GiTyiwy7Kxl6Gs+mubTpft+z89R4Cldls2sE3PfHu7+vCv8bv
de+FiuRxHwoTjZRB5BbXznlnrMP77i9SLSblbz1oHZgj6bZ0uDpj7WHsif2y54GEGEIAAAAAAAA=
--Apple-Mail=_C8A9E3BC-1E34-4C0D-9D1C-7AFDA1ADC253--
--===============1102823182924321804==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
--===============1102823182924321804==--
