[Freeipa-users] FreeIPA interoperability with an existing kerberos realm?
Dmitri Pal
dpal at redhat.com
Sun Mar 22 19:31:17 UTC 2015
On 03/22/2015 11:56 AM, Coy Hile wrote:
> Hi all,
>
> I’ve got an existing (Heimdal) kerberos realm that I am potentially interested in replacing with FreeIPA. I know that recent MIT krb5 can read a Heimdal dump. Is there a supported (or even unsupported but it works is fine) way to pre-seed the kerb realm before running the IPA setup in the quick start? I’ve got a handful of services (most notably OpenAFS and a trust to an existing Windows Domain) that I should prefer not to have to rekey if I can avoid it. If I can simply load the existing dump, then let FreeIPA create what it needs, that should make my life easier.
>
> Thanks,
>
> --
> Coy Hile
> coy.hile at coyhile.com
>
>
I think there have been some attempts to move from MIT Kerberos to IPA
with manual migration.
Please search archives. I remember Simo Sorce was providing some
guidance. Last time it was more than a year ago AFAIR. I do not think
the loop was ever closed to know whether the migration was actually
conducted or complete.
I am not aware of any Heimdal migration like this.
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.
More information about the Freeipa-users
mailing list