Sun Enterprise Authentication Mechanism Guide

How to Back Up the Kerberos Database

  1. Become superuser on the master KDC.

  2. Back up the Kerberos database by using the dump command of kdb5_util.


    # /usr/krb5/sbin/kdb5_util dump [-verbose] [-d dbname] [filename [principals...]]

    -verbose

    Prints the name of each principal and policy that is being backed up. 

    dbname

    The name of the database to back up. Note that ".db" is appended to whatever database name is specified, and an absolute path for the file can be specified. If the -d option is not specified, the default database name is /var/krb5/principal, which actually becomes /var/krb5/principal.db.

    filename

    The file to which the database is backed up. An absolute path for the file can be specified. If you don't specify a file, the database is dumped to standard output.

    principals

    A list of one or more principals (separated by a space) to back up. You must use fully-qualified principal names. If you don't specify principals, the entire database is backed up. 

Example--Backing Up the Kerberos Database

The following example backs up the Kerberos database to a file called dumpfile. Because the -verbose option is specified, each principal is printed as it is backed up.


# kdb5_util dump -verbose dumpfile
kadmin/kdc1.eng.acme.com@ENG.ACME.COM 
krbtgt/eng.acme.com@ENG.ACME.COM 
kadmin/history@ENG.ACME.COM 
pak/admin@ENG.ACME.COM 
pak@ENG.ACME.COM
changepw/kdc1.eng.acme.com@ENG.ACME.COM
#

The following example backs up the pak and pak/admin principals from the Kerberos database.


# kdb5_util dump -verbose dumpfile pak/admin@ENG.ACME.COM pak@ENG.ACME.COM
pak/admin@ENG.ACME.COM
pak@ENG.ACME.COM
#
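
The full-database backup above, wrapped for unattended use (an added example, not part of the original guide). The dump file holds every principal's keys, encrypted under the master key, so the wrapper writes it owner-only, keeps the -verbose listing as a log, and rejects a dump that is empty or lists no krbtgt principal for the realm. The function name, the KDB5_UTIL override, the file naming and the backup directory are assumptions; it is meant to be run as superuser on the master KDC.

```shell
# Added example: wrapper around the documented `kdb5_util dump` step.
# KDB5_UTIL can be overridden; the default is the path used in this guide.
KDB5_UTIL="${KDB5_UTIL:-/usr/krb5/sbin/kdb5_util}"

# backup_kdb DIR REALM   (hypothetical helper)
# Dumps the whole database to DIR/kdb-<timestamp>.dump, readable by owner only.
# Prints the dump path on success; returns non-zero on any failure.
# Usage (directory is an assumed location): backup_kdb /var/krb5/backups ENG.ACME.COM
backup_kdb() {
    dir=$1 realm=$2
    [ -n "$dir" ] && [ -n "$realm" ] || { echo "usage: backup_kdb DIR REALM" >&2; return 2; }

    # Subshell: the umask change does not leak into the caller's shell.
    (
        umask 077                       # dump and log are created mode 600/700
        mkdir -p "$dir" || exit 1
        final="$dir/kdb-$(date +%Y%m%d%H%M%S).dump"
        log="$final.log"

        # -verbose names each principal backed up; keep that list as a log.
        if ! "$KDB5_UTIL" dump -verbose "$final" >"$log" 2>&1; then
            echo "kdb5_util dump failed, see $log" >&2
            rm -f "$final"; exit 1
        fi
        # An empty file is not a backup.
        [ -s "$final" ] || { echo "empty dump" >&2; rm -f "$final"; exit 1; }
        # The realm's ticket-granting principal must appear in the listing.
        if ! grep "^krbtgt/.*@$realm[[:space:]]*\$" "$log" >/dev/null; then
            echo "no krbtgt principal for $realm in dump listing" >&2
            rm -f "$final"; exit 1
        fi
        echo "$final"
    )
}
```

Store the resulting file with the same care as the KDC's own database, since anyone who obtains both it and the master key can recover every principal's key.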