> On Nov 6, 2017, at 12:20 PM, Patrik Lundin <patrik.lun...@su.se> wrote: > > On 2017-11-06 17:55:05, Patrik Lundin wrote: >> >> While it can still be displayed with kadmin (and authenticated to with >> kinit) the dump and load will fail: >> === >> root@kdc-lab-master1:~# kadmin -l load hdb-backup >> hdb-backup:2:error parsing extension >> (XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX) >> hdb-backup:3:error parsing keys () >> === >> > > Just a quick follow-up: > To be clear, the above example was missing the preceeding "kadmin -l > dump hdb-backup". I should also point out that the dump operation gives no > indiciation that something went wrong, so either that indicates that the > problem lies with the load code, or it means the problem is not properly > detected. > > This of course means there is no heads-up that you might be generating > backup files where certain principals can not be restored. The problem > will not show itself until you are actually performing a load.
See: https://github.com/heimdal/heimdal/commit/d2130e3312089a3142e89b316d2900fa21855726 I'd also like to recommend the "prune-key-history" setting... -- Viktor.