kdb5_util dump on host1 && kdb5_util load on host2
Turbo Fredriksson
turbo at bayour.com
Wed May 22 01:06:50 EDT 2002
>>>>> "Nicolas" == Nicolas Williams <Nicolas.Williams at ubsw.com> writes:
Nicolas> Does the other stash file exist? And is it a stash file?
>> tuzjfi:~/papadoc# kdb5_util load -update -verbose -mkey_convert -new_mkey_file stash krb5-20020521
The file 'stash' here is the stash file from papadoc (copied over with scp).
the 'krb5-20020521' file is the dump from papadoc (sans the K/M, kadmin/*
and krbtgt principals).
Nicolas> What if you leave out the -new_mkey_file option? It
Nicolas> should prompt you for the new master key passphrase. --
Same thing...
Oki, so what did I miss?
The 'stash' file contain the password for the principal 'K/M', which is
used to unlock the database (by the KDC/Admin server when they start).
Right?
The new database have a new K/M (and new kadmin/* and krbtgt principals).
What should I do, just copy the database files and the stash file over?
--
Ortega attack Mossad cryptographic FSF subway World Trade Center
Semtex jihad Cocaine bomb Saddam Hussein Ft. Meade
counter-intelligence Kennedy
[See http://www.aclu.org/echelonwatch/index.html for more about this]
More information about the Kerberos
mailing list