How to quickly get a snapshot of the Heimdal DB file

Adam Lewenberg adamhl at
Sun Apr 2 16:35:40 CEST 2017

On 4/1/2017 5:22 PM, Jeffrey Hutzelman wrote:
> On Sat, 2017-04-01 at 16:59 -0700, Adam Lewenberg wrote:
>> I am looking for a quick way to get a snapshot of the Kerberos
>> database
>> file.
>> The most obvious way to do this would be to shutdown the kerberos
>> service, copy the file, and restart the service. This could be done
>> on
>> one of the replicas, perhaps one that does not get actual
>> authentication
>> requests.
>> Is there a faster way? For example, some database systems (e.g., MS
>> SQL)
>> have the ability to go into and out of a "quiescent" state faster
>> than a
>> full service stop/start to facilitate this sort of thing. Does
>> Heimdal
>> have something like this? Or is the full service restart the
>> only/best
>> option?
> hprop --stdout
> will produce a database dump that you can reload later if needed.

This looks to be a simple way to get a consistent snapshot with no 
service downtime. Thanks!

Adam Lewenberg

> kadmin -l list -l '*'
> will produce a verbose human-readable list of all the principals in the
> database and their attributes. Note that this is not particularly
> machine-readable and does not include keys, so it's not a backup.
> -- Jeff

More information about the Heimdal-discuss mailing list