Changing realm name of a production database
fsoliv
fsoliv at gmail.com
Thu Jun 9 09:57:43 EDT 2005
Hello,
After analizing my principals I saw the following with getprinc:
kadmin.local: getprinc test
Principal: testeFoliv at ABCD.COM
Expiration date: [never]
Last password change: Fri Jun 03 16:42:33 WEST 2005
Password expiration date: Sat Jun 03 16:42:33 WEST 2006
Maximum ticket life: 0 days 12:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Fri Jun 03 16:42:33 WEST 2005 (admin/admin at ABCD.COM)
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 14, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 14, DES cbc mode with CRC-32, no salt
Attributes:
Policy: default
In the key tag I can see that no slat was used. Does this mean that I
can edit the dump, change the realm name ? I don't think I will have a
slat issues (generated by the OLD realm). Is this true? Or do I need
to use KRB5_KDB_SALTTYPE_SPECIAL?
Any help or advice is appretiated....
Rgrds,
F.
>Will I be able to convert my principal name by dumping the current
>database with kdb5_util and then editing the file and changing the
>realm name on each principal?
>This way, I would load the new database an upgrade all keytabs.
>Is this possible??
>F.
>Hello,
>I have installed one realm but now I need to change all my principals
>(mainly users) to a new realm.
>Can I export the users from my old realm to the new one? How can I fo that?
>I am using krb5-1.4.1.
>Regards,
>F.
More information about the Kerberos
mailing list