Re: Backing up...

Fri, 16 Nov 2001 13:50:12 -0800 

>>>>> "Nicolas" == Nicolas Williams <[EMAIL PROTECTED]> writes:

    Nicolas> On Fri, Nov 16, 2001 at 04:22:01PM +0100, Turbo
    Nicolas> Fredriksson wrote:

    >> >>>>> "Nicolas" == Nicolas Williams <[EMAIL PROTECTED]>
    >> writes:
    Nicolas> You'll need to decide whether you want to back up the
    Nicolas> "stash" file containing the KDC's master key, if you're
    Nicolas> using a stash file... I suggest that you save a
    Nicolas> (several?) printed copy of the KDC master database
    Nicolas> pass-phrase and don't backup the stash file. Restoring is
    Nicolas> easy: use "kdb5_util load ..." to reload the KDC db and
    Nicolas> "kdb5_util stash ..."  to re-create the stash file.
    >>  The 'KDC master database pass-phrase'... Would that bee the
    >> K/M principal pass phrase/password?

    Nicolas> Yes, but the KDC needs it to be typed in to it when it
    Nicolas> starts or to be stored in a "stash" file.

So... Since I actually remembers the K/M principal password (have it in my
Palm, encrypted with strip), I can risk loosing the stash file... ?
I can just create a new when/if I need it?

    >> I know where the stash file is, but the actual database? Could
    >> these be it?
    >> 
    >> ----- s n i p ----- [papadoc.root]# pwd /var/lib/krb5kdc
    >> [papadoc.root]# ll total 1068 -rw------- 1 root root 40960 Nov
    >> 14 12:37 principal

    Nicolas> ^^^^ This is the database.

Oki, so 'kdb5_util dump /var/lib/krb5kdc/principal' would do it...

Nope, that trashed my complete KDC... Dang!

What's that principal.kadm5 file then? Any chance I can restore the db now?


-- 
 Turbo     __ _     Debian GNU     Unix _IS_ user friendly - it's just 
 ^^^^^    / /(_)_ __  _   ___  __  selective about who its friends are 
         / / | | '_ \| | | \ \/ /   Debian Certified Linux Developer  
  _ /// / /__| | | | | |_| |>  <  Turbo Fredriksson   [EMAIL PROTECTED]
  \\\/  \____/_|_| |_|\__,_/_/\_\ Stockholm/Sweden

Treasury Marxist genetic $400 million in gold bullion 767 World Trade
Center FBI kibo terrorist PLO DES AK-47 [Hello to all my fans in
domestic surveillance] subway strategic
[See http://www.aclu.org/echelonwatch/index.html for more about this]

Reply via email to