Hi Ben,

thanks for your explanation. I have to look for an easier way. I think an export and import of the user principal names without the realm name from the old to the new realm will be easier. One disadvantage is a lot of new keytabs, and users have to set new passwords.
Andy

> The realm name is part of the salt used as input to the password hashing
> process. Normally, the salt is not stored in the database and the default
> salt is computed at runtime by concatenating the realm and principal name.
> Changing the realm without changing the password-derived keys will require
> manually setting an explicit salt on all password-derived keys. Renaming
> a realm is not a common operation, so good tooling has not been developed
> and incorporated into the release.
>
> -Ben Kaduk
________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
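Added example, not part of the original thread or of MIT Kerberos: a toy model of the salt behaviour described in the quoted reply, showing why a stored password-derived key stops matching after a realm rename unless the old salt is set explicitly. The realm names, the principal `andy`, the password and the record layout are constructed, and only the PBKDF2 stage of the RFC 3962 AES string-to-key is modelled.

```python
import hashlib
import hmac

ITERATIONS = 4096  # default iteration count in RFC 3962


def default_salt(realm: str, principal: str) -> bytes:
    # Default salt: realm, then the principal's name components, no separators.
    return (realm + principal.replace("/", "")).encode()


def derive(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA1 stage of the AES string-to-key. The final DK() step is
    # omitted, so the result is not a usable Kerberos key.
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, ITERATIONS, 32)


def make_record(password: str, principal: str, realm: str) -> dict:
    # Toy database entry (hypothetical layout): the key is stored, the salt is not.
    return {"principal": principal, "explicit_salt": None,
            "key": derive(password, default_salt(realm, principal))}


def password_still_works(password: str, record: dict, current_realm: str) -> bool:
    # Use the explicit salt if one is set, else recompute the default salt
    # from the realm the database currently serves.
    salt = record["explicit_salt"] or default_salt(current_realm, record["principal"])
    return hmac.compare_digest(derive(password, salt), record["key"])


def pin_old_salt(record: dict, old_realm: str) -> dict:
    # "Setting an explicit salt": record the salt the key was derived with.
    pinned = dict(record)
    pinned["explicit_salt"] = default_salt(old_realm, record["principal"])
    return pinned


OLD, NEW = "OLD.EXAMPLE.COM", "NEW.EXAMPLE.COM"  # constructed realm names

if __name__ == "__main__":
    rec = make_record("correct horse", "andy", OLD)
    print("before rename:          ", password_still_works("correct horse", rec, OLD))
    print("renamed, default salt:  ", password_still_works("correct horse", rec, NEW))
    print("renamed, explicit salt: ",
          password_still_works("correct horse", pin_old_salt(rec, OLD), NEW))
```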