On 01/17/2014 03:59 PM, Rob Crittenden wrote: > Les Stott wrote: >>> The first time your migrated production users authenticate with their >>> password their Kerberos credentials will be generated. >> >> Is there a way to avoid this? >> >> I had to do that for importing shadow files originally in DR. now, >> i'm going from freeipa to freeipa. if i export kerberos attributes >> will that avoid users having to regenerate the kerberos credentials? > > No. The kerberos master keys are different.
Unless you want to copy master keys over. This is a complex manual procedure. You can probably find it in the archives as we helped people with it couple times but it is not recommended. May be we should open an RFE to develop a tool that would do ipa-migrate-ipa and can be used to move data from POC to production. > > rob > > _______________________________________________ > Freeipa-users mailing list > Freeipaemail@example.com > https://www.redhat.com/mailman/listinfo/freeipa-users -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users