moving a krb5 kdc installation from one server to another

Chris Hecker checker at
Mon May 13 19:46:23 EDT 2013

Are there any best practices for moving a KDC from one machine to 
another?  I have a krb5 (1.9 with local changes right now) kdc backed by 
openldap slapd on a machine, and want to move it to another machine.  Do 
I just dump the slapd directory and load it on the other machine, make 
sure the master passwords are there, and I'm done?  Is there anything I 
need to look out for?  Should I try something fancy with ldap 
replication or whatever to do it?  I'd rather have the server down for 
an hour and a simpler process than have it live but a really complicated 
replication thing right now.


More information about the Kerberos mailing list