Moving Realms

Turbo Fredriksson turbo at bayour.com
Tue Mar 18 04:01:09 EST 2003


Quoting Gareth Hopkins <gareth at za.uu.net>:

> On Wed, 12 Mar 2003, Sam Hartman wrote:
> 
> SH>>>>>> "Gareth" == Gareth Hopkins <gareth at za.uu.net> writes:
> SH>
> SH>    Gareth> Howdie, I am trying to find an easy way of moving the
> SH>    Gareth> current master kdc realm to another one.
> SH>
> SH>    Gareth> 	Currently we have "foo.com" as the realm and I am
> SH>    Gareth> wanting to change it to "bar.com"
> SH>
> SH>There is no easy way, and the simplest way with the MIT KDC will
> SH>involve writing a fair bit of code on your part.
> 
> Howdie Sam,
> 
> 	Thanks for the reply. Is there an easy way of dumping the
> database and then bringing it up on another machine as the primary?

MOVING it is no problem. But if you're planning on changing the realm 
in the process, that can't be done...

Dumping the db is done with:

        kdb5_util dump backupfile

This can be done with the KDC online... Loading it is done with

        kdb5_util load backupfile

Just one note. If you're changing architecture, from big-endian to little-endian
(or was that the other way around), such as Intel to SPARC etc., then you'll be
forced to recreate the stash file if you're using one...

        ----- s n i p -----
        1. Create database and stash file
           a. kdb5_util create -s
              => Use whatever password, it's to be removed/changed.
        
        2. Load the database dump
           a. kdb5_util load backupfile
              => backupfile is the dump file
        
        3. Create the new stash file from database
           a. rm /etc/krb5kdc/stash
           b. kdb5_util stash -f /etc/krb5kdc/stash
              => This must be done, because the 'stash' file is
                 byte order dependent, so just copying the file
                 over won't work (i386->SPARC).
        ----- s n i p -----

