On Thu, 2013-09-12 at 11:23 -0400, sergey ivanov wrote: > Hi, > I am looking for deployment of freeIPA in our organization. We have > kerberos servers used for authentication on our computers and in > applications, while users are mostly defined in /etc/passwd. > For migration of user's password I have tried the way we usually do > replicating password changes from master kerberos server to slaves. I > did kdb5_util dump on old servers, transferred the dump to machine > running FreeIPA, and was not able to do kdb5_util load -update, > because of "Kerberos database constraints violated". Is there a way to > import into freeIPA kerberos servers dump of kerberos principals, > dumped by kdb5_util? > You could *try* do it *after* you create all users in freeipa, but I think you'd break something. At the very least you would break plain text binds as you would not generate the userPassword hash, not sure what else, and I cannot guarantee it really works all the way.
Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users
