Copying/Moving Principals from One Realm to Another
Holger Rauch
holger.rauch at empic.de
Wed Dec 30 05:16:40 EST 2009
Hi,
I'm using MIT Kerberos on a Debian Lenny system. All Kerberos related
info is stored in an LDAP DIT (realm was initialized by using
kdb5_ldap_util).
Now I've created a second realm whose contents reside in the same DIT
since our machines will be moving to a new subnet and a different DNS
domain will be used as well.
Now I'm faced with two choices:
a) leave the principals where they are and use cross realm
authentication so that users can authenticate against both realms.
b) moving (and possibly renaming) all principals from the old realm to
the new one
Is b) possible at all and if so, does anybody have any scripts that
he/she is willing to share?
Are there any other important points to consider when moving
"kerberized" machines from one subnet/DNS domain to another (besides
the most obvious ones, like changing IP addresses/host names)?
Thanks in advance & kind regards,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20091230/6d230a43/attachment.bin
More information about the Kerberos
mailing list