Henry B (Hank) Hotz, CISSP wrote:
> > I would like to copy some user principals from one realm to another
> > while retaining their keys/passwords. Which is the correct way to do
> > it a) within one multi-realm KDC b) between two KDCs?

> If both are Heimdal, then I???ve done:
> 
> kadmin -l dump --decrypt | grep ^principal >xfr.file
> kadmin -l merge xfr.file

Yes, but the xfr.file will contain principals with realms appended,
but I want to copy principals into a different realm.

Of course, I can use sed/awk to change the realm suffixes:

kadmin -l dump -d | grep ^principal |\
        sed  's/OLD\.REALM/NEW.REALM/' >xfr.file

but are you sure the keys don't depend somehow on those suffixes
(maybe hashed realm suffixes, I dunno).


-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru

Reply via email to