Renaming principals causes them to disappear

Paul B. Henson henson at acm.org
Tue Feb 3 22:00:33 EST 2015


> From: Greg Hudson
> Sent: Tuesday, February 03, 2015 11:20 AM
> 
> I have duplicated this problem; rename_principal breaks all the time
> with LDAP, but works with BDB.  This has likely been the case since

Hmm, that's a bummer, I was just about to avail of rename_principal
functionality with an LDAP backend as part of a realm rename we have coming
up :(. I was planning to rename everything and then rename it back in order
to hardcode the correct salt before changing the realm name and avoid having
to reset passwords. Given this bug, I guess I would have to dump the
database, load it into bdb, do the renames, dump it again, and then load it
back into ldap?

Can you think of any easier way to store the correct salt with a principal
before a realm rename?

Thanks.



More information about the Kerberos mailing list