"kdb5_util load -update" best practice
John Devitofranceschi
jdvf at optonline.net
Mon Sep 24 07:07:19 EDT 2018
> On Sep 22, 2018, at 10:39 AM, Greg Hudson <ghudson at MIT.EDU> wrote:
>
> On 09/22/2018 09:44 AM, John Devitofranceschi wrote:
>> In order to remedy this, we tried using a pre-mistake backup (dump format) of the kdb to restore the principals:
>> kdb5_util load -update dumpfile principal
>> However this did not work. This is what’s documented in the MIT docs. We were expecting to be able to run this once per missing principal.
>
> I found an example in database.rst which implies this capability, and yeah, it's wrong. The kdb5_util man page instead says that load has an optional dbname parameter at the end, which is also wrong (and wouldn't make much sense; such a parameter would be redundant with kdb5_util -d).
>
> I will consider adding a principal matching feature to kdb5_util load, and will definitely make a pass over the dump/load documentation for accuracy.
Thanks!
>
>> Is there any easier way to do this?
>
> I probably would have filtered the dump file with text processing.
>
So, just put the header line and then any needed principals from the backup dump into a text file? That’s all there is to it?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2393 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20180924/174f572a/attachment.bin
More information about the Kerberos
mailing list