On Thu, 2013-09-12 at 11:23 -0400, sergey ivanov wrote:
> I am looking for deployment of freeIPA in our organization. We have
> kerberos servers used for authentication on our computers and in
> applications, while users are mostly defined in /etc/passwd.
> For migration of user's password I have tried the way we usually do
> replicating password changes from master kerberos server to slaves. I
> did kdb5_util dump on old servers, transferred the dump to machine
> running FreeIPA, and was not able to do kdb5_util load -update,
> because of "Kerberos database constraints violated". Is there a way to
> import into freeIPA kerberos servers dump of kerberos principals,
> dumped by kdb5_util?
You could *try* do it *after* you create all users in freeipa, but I
think you'd break something. At the very least you would break plain
text binds as you would not generate the userPassword hash, not sure
what else, and I cannot guarantee it really works all the way.
Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list