Josh Catana <[email protected]> writes: > Is it possible to change the name of a kerberos realm from OLD.PLACE.COM to > NEW.PLACE.COM? > Something like:
> kdb5_util dump -mkey_convert -new_mkey_file .k5.NEW.PLACE.COM krb5db.dump > sed -i -e 's/OLD.PLACE.COM/NEW.PLACE.COM/g' krb5db.dump > kdb5_util load -update krb5db.dump > why doesn't this work? Because all the keys in the KDC are salted with the old realm name. IIRC, there's some way to permit this with recent Kerberos clients that can support an alternative salt, but I don't remember the details of how to make it work. But hopefully those keywords will help get you pointed in the right direction. -- Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
