Renaming Realm
petesea@bigfoot.com
petesea at bigfoot.com
Tue Sep 2 11:26:53 EDT 2008
Is there an easy way to rename a realm?
I have a simple Kerberos setup I use for testing. It's isolated to just
one KDC and a few client systems.
I'd like to rename the realm (from TEST.ORG -> TEST.LAN), but was
wondering if there's a relatively easy way to do this, other then manually
starting over. And, given the size of my setup, perhaps that is the
easiest.
At a minimum, I realize the krb5.conf file and any application keytabs
will need to be changed on each client and (I assume) the following will
need to be changed on the KDC:
/etc/krb5.conf
/etc/krb5.keytab
/var/kerberos/krb5kdc/.k5.TEST.ORG
/var/kerberos/krb5kdc/kdc.conf
/var/kerberos/krb5kdc/kadm5.acl
/var/kerberos/krb5kdc/kadm5.keytab
/var/kerberos/krb5kdc/principal
/var/kerberos/krb5kdc/principal.kadm5
It appears I may be able to use kdb5_util (dump->destroy->create->load),
but I'm not so sure about the order of things or what I will need to
modify. eg, do I need to manually change/recreate kadm5.acl, kadm5.keytab
and the stash file or will the "create" do that for me?
More information about the Kerberos
mailing list