On 4/1/2017 5:22 PM, Jeffrey Hutzelman wrote:
On Sat, 2017-04-01 at 16:59 -0700, Adam Lewenberg wrote:
I am looking for a quick way to get a snapshot of the Kerberos

The most obvious way to do this would be to shutdown the kerberos
service, copy the file, and restart the service. This could be done
one of the replicas, perhaps one that does not get actual

Is there a faster way? For example, some database systems (e.g., MS
have the ability to go into and out of a "quiescent" state faster
than a
full service stop/start to facilitate this sort of thing. Does
have something like this? Or is the full service restart the

hprop --stdout

will produce a database dump that you can reload later if needed.

I did a round trip (hprop --stdout | hpropd --stdin) and the resulting heimdal.db has the same size as the original but a _different_ checksum.

Doing a "kadmin -l dump" on both database files I see that the output is almost the same, except each entry has some sort of counter that gets incremented. What is that counter for?

Adam Lewenberg

kadmin -l list -l '*'

will produce a verbose human-readable list of all the principals in the
database and their attributes. Note that this is not particularly
machine-readable and does not include keys, so it's not a backup.

-- Jeff

Reply via email to