> On to, 16 kesä 2022, rui liang via FreeIPA-users wrote: > > It will regenerate Kerberos keys from scratch so your existing keytab > would not be useful. You'd need to retrieve or create a new one. > > There is no more detailed tutorial because there is nothing more to it. > It is really like that -- somebody does LDAP bind when migration mode is > enabled and upon verification of the LDAP password Kerberos keys will be > generated automatically. Whether it is done through SSSD login or direct > LDAP bind or through an IPA Web UI migration page, it is irrelevant > because they all boil down to the same LDAP bind operation in the end. > > Your previous Kerberos keys aren't possible to reuse.
Oh, I see.Thank you for your guidance My system is Ubuntu16.04 Freeipa4.3, because the current CA cert has expired and there are problems, it is difficult to repair, so I want to rebuild the new environment to recover the user data on the old cluster, is there any good scheme recommended?Thank you very much _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
