How to Restore the Kerberos Database

1. Become superuser on the master KDC.

2. On the master, stop the KDC daemons.

   kdc1 # svcadm disable network/security/krb5kdc kdc1 # svcadm disable network/security/kadmin

3. Restore the Kerberos database by using the load command of the kdb_util command.

   # /usr/sbin/kdb5_util load [-verbose] [-d dbname] [-update] [filename]

   -verbose

   Prints the name of each principal and policy that is being restored.

   dbname

   Defines the name of the database to restore. Note you can specify an absolute path for the file. If the -d option is not specified, the default database name is /var/krb5/principal.

   -update

   Updates the existing database. Otherwise, a new database is created or the existing database is overwritten.

   filename

   Defines the file from which to restore the database. You can specify an absolute path for the file.

4. Start the KDC daemons.

   kdc1 # svcadm enable -r network/security/krb5kdc kdc1 # svcadm enable -r network/security/kadmin

Example 23–16 Restoring the Kerberos Database

In the following example, the database called database1 is restored into the current directory from the dumpfile file. Because the -update option isn't specified, a new database is created by the restore.

# kdb5_util load -d database1 dumpfile