Hello Vanna, If your backend store is LDAP, I would expect it to be portable. You can actually try that by having multiple KDCs use the same LDAP, because the KDC has readonly access. You could temporarily shut down the write actions during the transition (kadmin, kpasswd) but even there I doubt it would be problematic, as LDAP makes atomic object updates and Kerberos contains its data in single objects.
For other backends I don’t know — maybe a transition to LDAP first, but I don’t know if that’s documented anywhere. Does this help? Cheers, -Rick ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
