Changing realm name of a production database

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Changing realm name of a production database

Francisco Oliveira-2

After analizing my principals I saw the following with getprinc:

kadmin.local:  getprinc test
Principal: [hidden email]
Expiration date: [never]
Last password change: Fri Jun 03 16:42:33 WEST 2005
Password expiration date: Sat Jun 03 16:42:33 WEST 2006
Maximum ticket life: 0 days 12:00:00
Maximum renewable life: 7 days 00:00:00
Last modified: Fri Jun 03 16:42:33 WEST 2005 (admin/[hidden email])
Last successful authentication: [never]
Last failed authentication: [never]
Failed password attempts: 0
Number of keys: 2
Key: vno 14, Triple DES cbc mode with HMAC/sha1, no salt
Key: vno 14, DES cbc mode with CRC-32, no salt
Policy: default

In the key tag I can see that no slat was used. Does this mean that I
can edit the dump, change the realm name ? I don't think I will have a
slat issues (generated by the OLD realm). Is this true? Or do I need

Any help or advice is appretiated....



>Will I be able to convert my principal name by dumping the current
>database with kdb5_util and then editing the file and changing the
>realm name on each principal?

>This way, I would load the new database an upgrade all keytabs.

>Is this possible??



>I have installed one realm but now I need to change all my principals
>(mainly users) to a new realm.
>Can I export the users from my old realm to  the new one? How can I fo that?

>I am using krb5-1.4.1.



Kerberos mailing list           [hidden email]