>> >> you need to use rename inside kadmin, so import w/o the sed and >> the rename. This makes sure the salt is updated, your sed >> statement doesn't do that. > > This won't work withing a multi-realm KDC because I need to copy, not > rename.
your sed trick will only work for keys not salted with principal. If you have principal salted keys (default) If you don’t want to use rename, you must unpack the key and set a the default salt type (i.e. that rename does). Love