[Freeipa-users] Migrate KRB DB hashes to IPA LDAP

Andreas Ladanyi andreas.ladanyi at kit.edu
Tue Nov 4 12:24:53 UTC 2014


> On Mon, 13 Oct 2014 17:30:58 +0200
> Andreas Ladanyi <andreas.ladanyi at kit.edu> wrote:
>
>> My old system, from which I migrated the users/group accounts, uses
>> Kerberos' own DB without LDAP for the principals.
>>
>> I could dump the master key:
>>
>> kdb5_util dump filename K/M@REALM
>>
>> Now I have a lot of numbers in the dump file. Which number belongs to
>> which LDAP attribute in the (test) FreeIPA 389 LDAP system (Simon
>> called it a throwaway system :-) )?
>>
>> I don't know the data structure of Kerberos' own DB.
> And you shouldn't really care, you should use the kdb5 utils to load
> back the dumped DB, provided you first create all users and hosts and
> services via the freeipa tools.
>
> Simo.

OK, I dumped the Kerberos DB with kdb5_util and got the dumped file with
all principals.

So now, if I understand you correctly, I have to create all users/group/service principals with the freeipa tools first?

How can I import the dumped principals into the 389 LDAP? I can't see any options in the kdb5_ldap_util to import the principals and hashes from the dumped KRB DB file to 389 LDAP.


Andreas

