Re: kdb5_util dump on host1 && kdb5_util load on host2

Wed, 22 May 2002 01:18:53 -0700 

>>>>> "Turbo" == Turbo Fredriksson <[EMAIL PROTECTED]> writes:

    Turbo> How it this done?  I'm currently running my KDC/Admin
    Turbo> server on one host, but I was planning on removing that,
    Turbo> and put it on two spare SPARC (SS4) that I have laying
    Turbo> around...

    Turbo> I've installed the kdc and the admin server on the new
    Turbo> machine, (called tuzjfi). On papadoc (the current KDC) I'm
    Turbo> dumping the database once every day, giving me the file
    Turbo> 'krb5-20020521'...

    Turbo> How do I load this on tuzjfi? Initializing the db on tuzjfi
    Turbo> (with 'krb5_newrealm' - Debian GNU/Linux packages), and
    Turbo> then issuing 'kdb5_util load krb5-20020521' will result in
    Turbo> an error.

Oki, it took a while, but I figured it out! Weee :)

This is the way I did it, could this be added to some howto?
----- s n i p -----
1. Create database and stash file
   a. kdb5_util create -s
      => Use whatever password, it's to be removed/changed.

2. Load the database dump
   a. kdb5_util load krb5-20020522
      => krb5-20020522 is the dump file

3. Create the new stash file from database
   a. rm /etc/krb5kdc/stash
   b. kdb5_util stash -f /etc/krb5kdc/stash

4. Create the host service principals
   a. kadmin.local -q "ank -randkey host/localhost"
   b. kadmin.local -q "ank -randkey host/`hostname`.`dnsdomainname`"

5. Create the kadmin keytab
   a. kadmin.local -q "ktadd -k /etc/krb5kdc/kadm5.keytab kadmin/admin"
   b. kadmin.local -q "ktadd -k /etc/krb5kdc/kadm5.keytab kadmin/changepw"
   c. kadmin.local -q "ktadd -k /etc/krb5kdc/kadm5.keytab host/localhost"
   d. kadmin.local -q "ktadd -k /etc/krb5kdc/kadm5.keytab 
host/`hostname`.`dnsdomainname`"

6. Start the Kerberos daemons
   a. /etc/init.d/krb5-admin-server start
   b. /etc/init.d/krb5-kdc start

7. Test if it works
   a. kinit turbo
----- s n i p -----

NOTE: I delete the file /etc/krb5kdc/kadm5.keytab before this is done...


Sam, could you please give the same chance that the openldap2 packages
in Debian GNU/Linux do in the krb5 packages? That is, to load a dump
instead of creating a new setup (ie starting the daemons)? Want a patch?

-- 
jihad South Africa Treasury SEAL Team 6 Khaddafi bomb Mossad Uzi
smuggle domestic disruption BATF Cuba terrorist counter-intelligence
Noriega
[See http://www.aclu.org/echelonwatch/index.html for more about this]
________________________________________________
Kerberos mailing list           [EMAIL PROTECTED]
http://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to