On 4/1/2017 5:22 PM, Jeffrey Hutzelman wrote:
On Sat, 2017-04-01 at 16:59 -0700, Adam Lewenberg wrote:
I am looking for a quick way to get a snapshot of the Kerberos
database
file.

The most obvious way to do this would be to shutdown the kerberos
service, copy the file, and restart the service. This could be done
on
one of the replicas, perhaps one that does not get actual
authentication
requests.

Is there a faster way? For example, some database systems (e.g., MS
SQL)
have the ability to go into and out of a "quiescent" state faster
than a
full service stop/start to facilitate this sort of thing. Does
Heimdal
have something like this? Or is the full service restart the
only/best
option?


hprop --stdout

will produce a database dump that you can reload later if needed.

This looks to be a simple way to get a consistent snapshot with no service downtime. Thanks!

Adam Lewenberg




kadmin -l list -l '*'

will produce a verbose human-readable list of all the principals in the
database and their attributes. Note that this is not particularly
machine-readable and does not include keys, so it's not a backup.


-- Jeff


Reply via email to