[Freeipa-users] export users/groups from one ipa server to another
Dmitri Pal
dpal at redhat.com
Fri Jan 17 22:06:23 UTC 2014
On 01/17/2014 03:59 PM, Rob Crittenden wrote:
> Les Stott wrote:
>>> The first time your migrated production users authenticate with their
>>> password their Kerberos credentials will be generated.
>>
>> Is there a way to avoid this?
>>
>> I had to do that for importing shadow files originally in DR. now,
>> i'm going from freeipa to freeipa. if i export kerberos attributes
>> will that avoid users having to regenerate the kerberos credentials?
>
> No. The kerberos master keys are different.
Unless you want to copy master keys over.
This is a complex manual procedure. You can probably find it in the
archives as we helped people with it couple times but it is not recommended.
May be we should open an RFE to develop a tool that would do
ipa-migrate-ipa and can be used to move data from POC to production.
>
> rob
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list