Quoting Gareth Hopkins <[EMAIL PROTECTED]>:
> On Wed, 12 Mar 2003, Sam Hartman wrote:
>
> SH>>>>>> "Gareth" == Gareth Hopkins <[EMAIL PROTECTED]> writes:
> SH>
> SH> Gareth> Howdie, I am trying to find an easy way of moving the
> SH> Gareth> current master kdc realm to another one.
> SH>
> SH> Gareth> Currently we have "foo.com" as the realm and I am
> SH> Gareth> wanting to change it to "bar.com"
> SH>
> SH>There is no easy way, and the simplest way with the MIT KDC will
> SH>involve writing a fair bit of code on your part.
>
> Howdie Sam,
>
> Thanks for the reply. Is there an easy way of dumping the
> database and then bringing it up on another machine as the primary?
MOVING it is no problem. But if you're planning on changing the realm
in the process, that can't be done...
Dumping the db is done with:
kdb5_util dump backupfile
This can be done with the KDC online... Loading it is done with
kdb5_util load backupfile
Just one note. If you're changing architecture, from big-endian to little-endian
(or was that the other way around) such as intel to sparc etc, then you'll be
forced to recreate the stash file if you're using any...
----- s n i p -----
1. Create database and stash file
a. kdb5_util create -s
=> Use whatever password, it's to be removed/changed.
2. Load the database dump
a. kdb5_util load backupfile
=> backupfile is the dump file
3. Create the new stash file from database
a. rm /etc/krb5kdc/stash
b. kdb5_util stash -f /etc/krb5kdc/stash
=> This must be done, because the 'stash' file is
byte order dependent, so just copying the file
over won't work (i386->SPARC).
----- s n i p -----
________________________________________________
Kerberos mailing list [EMAIL PROTECTED]
https://mailman.mit.edu/mailman/listinfo/kerberos
