Changing realm name of a production database

fsoliv fsoliv at gmail.com
Thu Jun 9 09:57:43 EDT 2005


Hello,

After analizing my principals I saw the following with getprinc:

kadmin.local:  getprinc test
Principal: testeFoliv at ABCD.COM
Expiration date: [never]
Last password change: Fri Jun 03 16:42:33 WEST 2005
Password expiration date: Sat Jun 03 16:42:33 WEST 2006
Maximum ticket life: 0 days 12:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Fri Jun 03 16:42:33 WEST 2005 (admin/admin at ABCD.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 14, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 14, DES cbc mode with CRC-32, no salt
Attributes:
Policy: default

In the key tag I can see that no slat was used. Does this mean that I
can edit the dump, change the realm name ? I don't think I will have a
slat issues (generated by the OLD realm). Is this true? Or do I need
to use KRB5_KDB_SALTTYPE_SPECIAL?

Any help or advice is appretiated....

Rgrds,

F.


>Will I be able to convert my principal name by dumping the current
>database with kdb5_util and then editing the file and changing the
>realm name on each principal?

>This way, I would load the new database an upgrade all keytabs.

>Is this possible??

>F.



>Hello,

>I have installed one realm but now I need to change all my principals
>(mainly users) to a new realm.
>Can I export the users from my old realm to  the new one? How can I fo that?

>I am using krb5-1.4.1.

>Regards,

>F.



More information about the Kerberos mailing list