Migrating to new Kerb server - How to move all principals and passwd

Benjamin Kaduk kaduk at MIT.EDU
Thu Sep 18 20:43:35 EDT 2014


On Thu, 18 Sep 2014, Vignesh, Vanna G. wrote:

> Hello Rick,
>
> I think there is no back end store. All the principals are created by
> running add princ command. All the data rest within the Kerberos. Is
> there no way I can retrieve it to other Kerberos master server?

The standard way to do this is to run kdb5_util dump on the old machine
and kdb5_util load on the new one.  (The new one will need the master key,
whether from retyping the master password or copying the stash file.)

In many cases, one can just copy the database files and stash file and
start up the new KDC, but 1.4 is pretty old and I would have to check to
make sure it would be expected to work with database files that old.

-Ben Kaduk


More information about the Kerberos mailing list