Love H??rnquist ??strand wrote: > > I would like to copy some user principals from one realm to another > > while retaining their keys/passwords. Which is the correct way to do > > it a) within one multi-realm KDC b) between two KDCs? > > > > If both are Heimdal, then I???ve done: > > kadmin -l dump --decrypt | grep ^principal >xfr.file > > kadmin -l merge xfr.file > > > > Yes, but the xfr.file will contain principals with realms appended, > > but I want to copy principals into a different realm. > > Of course, I can use sed/awk to change the realm suffixes: > > kadmin -l dump -d | grep ^principal |\ > > sed 's/OLD\.REALM/NEW.REALM/' >xfr.file > > but are you sure the keys don't depend somehow on those suffixes > > (maybe hashed realm suffixes, I dunno). > > you need to use rename inside kadmin, so import w/o the sed and > the rename. This makes sure the salt is updated, your sed > statement doesn't do that.
This won't work withing a multi-realm KDC because I need to copy, not rename. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN sip:suda...@sibptus.tomsk.ru
