Migrating to new Kerb server - How to move all principals and passwd

Rick van Rein rick at openfortress.nl
Thu Sep 18 02:11:30 EDT 2014


Hello Vanna,

If your backend store is LDAP, I would expect it to be portable.  You can actually try that by having multiple KDCs use the same LDAP, because the KDC has readonly access.  You could temporarily shut down the write actions during the transition (kadmin, kpasswd) but even there I doubt it would be problematic, as LDAP makes atomic object updates and Kerberos contains its data in single objects.

For other backends I don’t know — maybe a transition to LDAP first, but I don’t know if that’s documented anywhere.

Does this help?

Cheers,
 -Rick


More information about the Kerberos mailing list