On 4/1/2017 5:52 PM, Nico Williams wrote:
On Sat, Apr 01, 2017 at 04:59:56PM -0700, Adam Lewenberg wrote:
I am looking for a quick way to get a snapshot of the Kerberos database
The most obvious way to do this would be to shutdown the kerberos service,
copy the file, and restart the service. This could be done on one of the
replicas, perhaps one that does not get actual authentication requests.
You can use the lock sub-command of kadmin -l, copy the HDB, and then
I don't see that command in the man page. Is that a new command (we are
still running Heimdal 1.5.2)?
You could also setup a hidden slave on the same host as the master, then
stop that ipropd-slave to take a snapshot of its HDB.