On 03/22/2015 11:56 AM, Coy Hile wrote:
Hi all,

I’ve got an existing (Heimdal) kerberos realm that I am potentially interested 
in replacing with FreeIPA.  I know that recent MIT krb5 can read a Heimdal 
dump. Is there a supported (or even unsupported but it works is fine) way to 
pre-seed the kerb realm before running the IPA setup in the quick start?  I’ve 
got a handful of services (most notably OpenAFS and a trust to an existing 
Windows Domain) that I should prefer not to have to rekey if I can avoid it.  
If I can simply load the existing dump, then let FreeIPA create what it needs, 
that should make my life easier.

Thanks,

--
Coy Hile
coy.h...@coyhile.com


I think there have been some attempts to move from MIT Kerberos to IPA with manual migration. Please search archives. I remember Simo Sorce was providing some guidance. Last time it was more than a year ago AFAIR. I do not think the loop was ever closed to know whether the migration was actually conducted or complete.
I am not aware of any Heimdal migration like this.

--
Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to