Dumping a Kerberos Database to a File
To dump a Kerberos database into a file, use the kdb5_util dump command on one of the KDCs. The syntax is:
kdb5_util dump [-old] [-b6] [-b7] [-ov] [-verbose] [-mkey_convert] [-new_mkey_file] [filename [principals...]]
The kdb5_util dump command takes the following options:
- -old
  causes the dump to be in the Kerberos 5 Beta 5 and earlier dump format ("kdb5_edit load_dump version 2.0").
- -b6
  causes the dump to be in the Kerberos 5 Beta 6 format ("kdb5_edit load_dump version 3.0").
- -b7
  causes the dump to be in the Kerberos 5 Beta 7 format ("kdb5_util load_dump version 4").
- -ov
  causes the dump to be in ovsec_adm_export format. Currently, the only way to preserve per-principal policy information is to use this in conjunction with a normal dump.
- -verbose
  causes the name of each principal and policy to be printed as it is dumped.
- -mkey_convert
  prompts for a new master password, and then dumps the database with all keys reencrypted in this new master key.
- -new_mkey_file
  reads a new key from the default keytab and then dumps the database with all keys reencrypted in this new master key.
For example:
shell% kdb5_util dump dumpfile
shell%
shell% kdb5_util dump -verbose dumpfile
kadmin/[email protected]
krbtgt/[email protected]
kadmin/[email protected]
K/[email protected]
kadmin/[email protected]
shell%
If you specify which principals to dump, you must use the full
principal, as in the following example. (The line beginning with
=> is a continuation of the previous line.):
shell% kdb5_util dump -verbose dumpfile K/[email protected]
=> kadmin/[email protected]
kadmin/[email protected]
K/[email protected]
shell%
Otherwise, the principals will not match those in the database and will
not be dumped:
shell% kdb5_util dump -verbose dumpfile K/M kadmin/admin
shell%
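One way to catch the silent non-match shown above, as an added example that is not part of the original guide: the hypothetical helper dump_checked runs the dump with -verbose and fails unless every requested principal appears in the listing. It assumes -verbose prints one dumped name per line (captured from stdout and stderr alike), and it sets umask 077 because the dump file holds principal keys.

```shell
#!/bin/sh
# Added example: dump named principals and fail loudly when a name did not
# match, instead of silently producing an empty dump.
# Assumptions: -verbose prints one dumped name per line (captured from both
# stdout and stderr); dump_checked is a hypothetical helper name.

dump_checked() {
    # usage: dump_checked DUMPFILE PRINCIPAL...
    if [ "$#" -lt 2 ]; then
        echo "usage: dump_checked dumpfile principal..." >&2
        return 2
    fi
    dumpfile=$1
    shift

    # The dump holds the selected principals' keys; keep it owner-only.
    old_umask=$(umask)
    umask 077
    dumped=$(kdb5_util dump -verbose "$dumpfile" "$@" 2>&1)
    status=$?
    umask "$old_umask"
    if [ "$status" -ne 0 ]; then
        echo "kdb5_util dump failed: $dumped" >&2
        return 1
    fi

    # Every requested name must appear, exactly, in the -verbose listing.
    missing=0
    for princ in "$@"; do
        if ! printf '%s\n' "$dumped" | grep -Fxq -- "$princ"; then
            echo "not dumped (use the full principal, with realm): $princ" >&2
            missing=$((missing + 1))
        fi
    done
    if [ "$missing" -ne 0 ]; then
        rm -f -- "$dumpfile"   # do not leave a partial dump behind
        return 1
    fi
    return 0
}
```

Call it as dump_checked dumpfile followed by the full principal names; a non-zero return means at least one name was not dumped and the dump file has been removed.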
If you do not specify a dump file, kdb5_util will dump the database to the standard output.
There is currently a bug where the default dump format omits the
per-principal policy information. In order to dump all the data
contained in the Kerberos database, you must perform a normal dump (with
no option flags) and an additional dump using the "-ov" flag to a
different file.