On Sat, 2017-04-01 at 16:59 -0700, Adam Lewenberg wrote: > I am looking for a quick way to get a snapshot of the Kerberos > database > file. > > The most obvious way to do this would be to shutdown the kerberos > service, copy the file, and restart the service. This could be done > on > one of the replicas, perhaps one that does not get actual > authentication > requests. > > Is there a faster way? For example, some database systems (e.g., MS > SQL) > have the ability to go into and out of a "quiescent" state faster > than a > full service stop/start to facilitate this sort of thing. Does > Heimdal > have something like this? Or is the full service restart the > only/best > option?
hprop --stdout will produce a database dump that you can reload later if needed. kadmin -l list -l '*' will produce a verbose human-readable list of all the principals in the database and their attributes. Note that this is not particularly machine-readable and does not include keys, so it's not a backup. -- Jeff