kdb5_util dump on host1 && kdb5_util load on host2

Turbo Fredriksson turbo at bayour.com
Wed May 22 01:06:50 EDT 2002


>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at ubsw.com> writes:

    Nicolas> Does the other stash file exist? And is it a stash file?

    >> tuzjfi:~/papadoc# kdb5_util load -update -verbose -mkey_convert -new_mkey_file stash krb5-20020521

The file 'stash' here is the stash file from papadoc (copied over with scp).
the 'krb5-20020521' file is the dump from papadoc (sans the K/M, kadmin/*
and krbtgt principals).

    Nicolas> What if you leave out the -new_mkey_file option? It
    Nicolas> should prompt you for the new master key passphrase.  --

Same thing...


Oki, so what did I miss?

The 'stash' file contain the password for the principal 'K/M', which is
used to unlock the database (by the KDC/Admin server when they start).
Right?

The new database have a new K/M (and new kadmin/* and krbtgt principals).


What should I do, just copy the database files and the stash file over?
-- 
Ortega attack Mossad cryptographic FSF subway World Trade Center
Semtex jihad Cocaine bomb Saddam Hussein Ft. Meade
counter-intelligence Kennedy
[See http://www.aclu.org/echelonwatch/index.html for more about this]



More information about the Kerberos mailing list