On 03/22/2015 11:56 AM, Coy Hile wrote:
Hi all,

I’ve got an existing (Heimdal) kerberos realm that I am potentially interested 
in replacing with FreeIPA.  I know that recent MIT krb5 can read a Heimdal 
dump. Is there a supported (or even unsupported but it works is fine) way to 
pre-seed the kerb realm before running the IPA setup in the quick start?  I’ve 
got a handful of services (most notably OpenAFS and a trust to an existing 
Windows Domain) that I should prefer not to have to rekey if I can avoid it.  
If I can simply load the existing dump, then let FreeIPA create what it needs, 
that should make my life easier.


Coy Hile

I think there have been some attempts to move from MIT Kerberos to IPA with manual migration. Please search archives. I remember Simo Sorce was providing some guidance. Last time it was more than a year ago AFAIR. I do not think the loop was ever closed to know whether the migration was actually conducted or complete.
I am not aware of any Heimdal migration like this.

Thank you,
Dmitri Pal

Sr. Engineering Manager IdM portfolio
Red Hat, Inc.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to