[Freeipa-users] IPA to IPA migration
Timothy Geier
tgeier at accertify.com
Wed Jan 4 23:22:30 UTC 2017
This is something I’ve looked at lately and a manual proof of concept I just did (using ideas from https://www.freeipa.org/page/Howto/Migration#Migrating_from_other_FreeIPA_to_FreeIPA) makes it seem theoretically possible (though it looks like, barring the migration of the kerberos master key, all enrolled hosts would need to use ipa-getkeytab to get a replacement keytab from the new server and copy it to /etc/krb5.keytab so that sssd will work properly..the alternative is re-enrollment. All other keytabs in use by other applications would have to be similarly replaced).
Is https://fedorahosted.org/freeipa/ticket/3656 something that’s coming sooner or later to a future version of FreeIPA? Has anyone done a manual migration on a moderate-to-large setup?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20170104/102c6ec1/attachment.htm>
More information about the Freeipa-users
mailing list