> On Nov 6, 2017, at 12:20 PM, Patrik Lundin <patrik.lun...@su.se> wrote:
> 
> On 2017-11-06 17:55:05, Patrik Lundin wrote:
>> 
>> While it can still be displayed with kadmin (and authenticated to with 
>> kinit) the dump and load will fail:
>> ===
>> root@kdc-lab-master1:~# kadmin -l load hdb-backup
>> hdb-backup:2:error parsing extension 
>> (XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX)
>> hdb-backup:3:error parsing keys ()
>> ===
>> 
> 
> Just a quick follow-up:
> To be clear, the above example was missing the preceeding "kadmin -l
> dump hdb-backup". I should also point out that the dump operation gives no
> indiciation that something went wrong, so either that indicates that the
> problem lies with the load code, or it means the problem is not properly
> detected.
> 
> This of course means there is no heads-up that you might be generating
> backup files where certain principals can not be restored. The problem
> will not show itself until you are actually performing a load.

See:

https://github.com/heimdal/heimdal/commit/d2130e3312089a3142e89b316d2900fa21855726

I'd also like to recommend the "prune-key-history" setting...

-- 
        Viktor.

Reply via email to