On 03/22/2015 11:56 AM, Coy Hile wrote:
I think there have been some attempts to move from MIT Kerberos to IPA
with manual migration.
Please search archives. I remember Simo Sorce was providing some
guidance. Last time it was more than a year ago AFAIR. I do not think
the loop was ever closed to know whether the migration was actually
conducted or complete.
I’ve got an existing (Heimdal) kerberos realm that I am potentially interested
in replacing with FreeIPA. I know that recent MIT krb5 can read a Heimdal
dump. Is there a supported (or even unsupported but it works is fine) way to
pre-seed the kerb realm before running the IPA setup in the quick start? I’ve
got a handful of services (most notably OpenAFS and a trust to an existing
Windows Domain) that I should prefer not to have to rekey if I can avoid it.
If I can simply load the existing dump, then let FreeIPA create what it needs,
that should make my life easier.
I am not aware of any Heimdal migration like this.
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project