"kdb5_util load -update" best practice

John Devitofranceschi jdvf at optonline.net
Mon Sep 24 07:07:19 EDT 2018



> On Sep 22, 2018, at 10:39 AM, Greg Hudson <ghudson at MIT.EDU> wrote:
> 
> On 09/22/2018 09:44 AM, John Devitofranceschi wrote:
>> In order to remedy this, we tried using a pre-mistake backup (dump format) of the kdb to restore the principals:
>>     kdb5_util load -update dumpfile principal
>> However this did not work. This is what’s documented in the MIT docs.  We were expecting to be able to run this once per missing principal.
> 
> I found an example in database.rst which implies this capability, and yeah, it's wrong.  The kdb5_util man page instead says that load has an optional dbname parameter at the end, which is also wrong (and wouldn't make much sense; such a parameter would be redundant with kdb5_util -d).
> 
> I will consider adding a principal matching feature to kdb5_util load, and will definitely make a pass over the dump/load documentation for accuracy.

Thanks!

> 
>> Is there any easier way to do this?
> 
> I probably would have filtered the dump file with text processing.
> 

So, just put  the header line and then any needed principals from the backup dump into a text file? That’s all there is to it?



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2393 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20180924/174f572a/attachment.bin


More information about the Kerberos mailing list