On 4/1/2017 5:22 PM, Jeffrey Hutzelman wrote:
On Sat, 2017-04-01 at 16:59 -0700, Adam Lewenberg wrote:
I am looking for a quick way to get a snapshot of the Kerberos
The most obvious way to do this would be to shutdown the kerberos
service, copy the file, and restart the service. This could be done
one of the replicas, perhaps one that does not get actual
Is there a faster way? For example, some database systems (e.g., MS
have the ability to go into and out of a "quiescent" state faster
full service stop/start to facilitate this sort of thing. Does
have something like this? Or is the full service restart the
will produce a database dump that you can reload later if needed.
I did a round trip (hprop --stdout | hpropd --stdin) and the resulting
heimdal.db has the same size as the original but a _different_ checksum.
Doing a "kadmin -l dump" on both database files I see that the output is
almost the same, except each entry has some sort of counter that gets
incremented. What is that counter for?
kadmin -l list -l '*'
will produce a verbose human-readable list of all the principals in the
database and their attributes. Note that this is not particularly
machine-readable and does not include keys, so it's not a backup.