Copy a single KDC entry from one Heimdal database to another


Adam Lewenberg
Is it possible to copy a single Heimdal KDC entry from one database to
another?

For example, assume I have two Heimdal KDCs both using the same master
key, KDC A and KDC B. I create a principal in KDC A using the "-r"
option so that the password is randomly generated. Is it possible to
export the entry for this new principal from KDC A and import it into
KDC B such that a keytab file generated from KDC A for this principal
will work against KDC B (and vice versa)?


Re: Copy a single KDC entry from one Heimdal database to another

Viktor Dukhovni-2
On Wed, Nov 14, 2018 at 09:16:13AM -0800, Adam Lewenberg wrote:

> Is it possible to copy a single Heimdal KDC entry from one database to
> another?

The "kadmin merge" command can load a partial database dump.  But
"kadmin dump" only produces full database dumps.  If you then edit
the full dump to contain just the entry of interest, "merge" may
be able to re-create it.

Neither the "HDB" nor the "HDBGET" keytab types support writes, so
you can't use "ktutil copy".

--
        Viktor.

Re: Copy a single KDC entry from one Heimdal database to another

Henry B Hotz
kadmin dump | grep ^principal >extract
kadmin merge extract

Personal email. [hidden email]

> On Nov 14, 2018, at 1:10 PM, Viktor Dukhovni <[hidden email]> wrote:
>
>> On Wed, Nov 14, 2018 at 09:16:13AM -0800, Adam Lewenberg wrote:
>>
>> Is it possible to copy a single Heimdal KDC entry from one database to
>> another?
>
> The "kadmin merge" command can load a partial database dump.  But
> "kadmin dump" only produces full database dumps.  If you then edit
> the full dump to contain just the entry of interest, "merge" may
> be able to re-create it.
>
> Neither the "HDB" nor the "HDBGET" keytab types support writes, so
> you can't use "ktutil copy".
>
> --
>    Viktor.

Re: Copy a single KDC entry from one Heimdal database to another

Harald Barth-2

> kadmin dump | grep ^principal >extract

This will give you all principals (there might be more than one)
starting with "principal" in extract, but otherwise works.

Harald.
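
Added example, not part of the thread or of Heimdal: a filter that keeps only the dump line whose principal name matches exactly, so that a prefix match cannot pull extra entries into the file given to "kadmin merge". It assumes the dump holds one entry per line with the principal name as the first whitespace-separated field; extract_principal, sample_dump and the host/... names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: one dump entry per line, principal name
# as the first whitespace-separated field.

# extract_principal NAME < full_dump > single_entry
# Prints the one line whose first field equals NAME exactly.
# Returns 1 if no entry matches, 2 if more than one does.
extract_principal() {
    # Pass the name through the environment so awk does not
    # interpret backslashes in it, and compare as strings.
    WANT="$1" awk '
        ($1 "") == (ENVIRON["WANT"] "") { hit[++n] = $0 }
        END {
            if (n == 1) { print hit[1]; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# Constructed sample input: three similar names, placeholder fields.
sample_dump() {
    cat <<'EOF'
host/web1.example.org@EXAMPLE.ORG <keys> <remaining fields>
host/web1.example.org.old@EXAMPLE.ORG <keys> <remaining fields>
host/web10.example.org@EXAMPLE.ORG <keys> <remaining fields>
EOF
}

# Usage, with the kadmin commands as written in the thread.
# On the source KDC:
#   umask 077    # the extracted line carries the principal's keys
#   kadmin dump | extract_principal 'host/web1.example.org@EXAMPLE.ORG' >extract
# On the destination KDC:
#   kadmin merge extract
```

The extract file holds the principal's keys as stored in the database, so it should be moved over a protected channel and deleted after the merge.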