On 4/1/2017 5:52 PM, Nico Williams wrote:
On Sat, Apr 01, 2017 at 04:59:56PM -0700, Adam Lewenberg wrote:
I am looking for a quick way to get a snapshot of the Kerberos database
file.

The most obvious way to do this would be to shutdown the kerberos service,
copy the file, and restart the service. This could be done on one of the
replicas, perhaps one that does not get actual authentication requests.

You can use the lock sub-command of kadmin -l, copy the HDB, and then
unlock.

I don't see that command in the man page. Is that a new command (we are still running Heimdal 1.5.2)?

Adam Lewenberg


You could also setup a hidden slave on the same host as the master, then
stop that ipropd-slave to take a snapshot of its HDB.

Nico


Reply via email to