On Sun, 2011-08-28 at 01:08 +0200, Andreas Ntaflos wrote:
> Hello all,
>
> we have Kerberos 1.8.1 (Ubuntu 10.04) using the default database
> configuration (i.e. db2, /var/lib/kerberos) working fine alongside
> OpenLDAP, saslauthd (so that authentication against LDAP seamlessly goes
> against Kerberos) and PAM (and other things).
>
> I was now wondering if it is possible to migrate the current Kerberos
> database to LDAP (with the kldap driver), without having to recreate the
> whole realm and every principal and reset every password. It is also
> important that saslauthd continues working.
>
> Is there a migration strategy or best practice I can follow? Or is the
> whole thing impossible to do?

You can use kdb5_util to dump the database and then later reload it in
LDAP. I tried only with LDAP->LDAP but I don't think you should have any
issue dumping a db one and then loading it back in LDAP as long as the
LDAP server is correctly configured and the kdc user has enough
permission to write the data.

Simo.

--
Simo Sorce * Red Hat, Inc * New York

________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
