`kdb5_util dump -ov` documentation obsolete?
Jeff D'Angelo
jcd at psu.edu
Tue Sep 18 12:06:58 EDT 2012
Pardon the repost, I didn't include kerberos at mit.edu last time.
On 9/12/12 11:35 AM, Jeff D'Angelo wrote:
> On
>
> http://web.mit.edu/kerberos/krb5-latest/krb5-1.10.3/doc/krb5-admin.html#Dumping-a-Kerberos-Database-to-a-File
>
>
> I read:
>
> > -ov
> > causes the dump to be in ovsec_adm_export format. Currently, the
> only way to preserve per-principal policy information is to use this in
> conjunction with a normal dump.
>
> Is the second statement still true?
>
> My read of the code and experimental dumps and loads indicate that the
> regular dump included per-principal policy information since krb5-1.2.2
> with the "kdb5_util load_dump version 5" [1] and later "kdb5_util
> load_dump version 6" formats. Running a second load of the -ov dump
> format seems needless and is also expensive with databases sufficiently
> large relative to disk speeds (our production servers take an hour to do
> this compared to a few minutes for the regular format load).
>
> [1] Summoned in versions 1.8 and newer with the -r13 switch.
>
> Is there still a reason why one would want to load -update the ov dump
> beyond what the default format since krb5-1.2.2 contains?
>
> If not, I'll happily submit a bug report via krb5-send-pr if that's the
> best route to report this. Thanks.
>
--
Jeff
More information about the Kerberos
mailing list