On 01/17/2014 03:59 PM, Rob Crittenden wrote:
> Les Stott wrote:
>>> The first time your migrated production users authenticate with their
>>> password their Kerberos credentials will be generated.
>> Is there a way to avoid this?
>> I had to do that for importing shadow files originally in DR. now,
>> i'm going from freeipa to freeipa. if i export kerberos attributes
>> will that avoid users having to regenerate the kerberos credentials?
> No. The kerberos master keys are different.
Unless you want to copy master keys over.
This is a complex manual procedure. You can probably find it in the
archives as we helped people with it couple times but it is not recommended.
May be we should open an RFE to develop a tool that would do
ipa-migrate-ipa and can be used to move data from POC to production.
> Freeipa-users mailing list
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-users mailing list