>> While it can still be displayed with kadmin (and authenticated to with 
>> kinit) the dump and load will fail:
>> ===
>> root@kdc-lab-master1:~# kadmin -l load hdb-backup
>> hdb-backup:2:error parsing extension 
>> hdb-backup:3:error parsing keys ()
>> ===
> Just a quick follow-up:
> To be clear, the above example was missing the preceeding "kadmin -l
> dump hdb-backup". I should also point out that the dump operation gives no
> indiciation that something went wrong, so either that indicates that the
> problem lies with the load code, or it means the problem is not properly
> detected.
> This of course means there is no heads-up that you might be generating
> backup files where certain principals can not be restored. The problem
> will not show itself until you are actually performing a load.



I'd also like to recommend the "prune-key-history" setting...


