```shell
从节点导出备份文件
kdb5_util dump -verbose /home/dengsc/kdc/bakfile
-rw------- 1 root root 2564199 2月 2 10:53 bakfile
-rw------- 1 root root 1 2月 2 10:53 bakfile.dump_ok
同步kdc.conf,krb5.conf,kadm5.acl,bakfile文件至恢复主机
scp kdc.conf kadm5.acl test01:/var/kerberos/krb5kdc/
scp krb5.con test01:/etc/
scp bakfile test01:~/
在恢复主机初始化数据库,领域名与先前一致,这里不确定以前的密码是什么,用了一个现在的密码
sudo kdb5_util create -r HADOOP.COM -s
导入备份数据
sudo kdb5_util load -verbose ~/bakfile
启动服务krb5kdc可以使用,主节点认证也可以,因为kadmin无法启动,无法创建新的主体
```
● kadmin.service - Kerberos 5 Password-changing and Administration
Loaded: loaded (/usr/lib/systemd/system/kadmin.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2023-02-03 11:08:46 CST; 5h 38min ago
Process: 26473 ExecStart=/usr/sbin/_kadmind -P /var/run/kadmind.pid $KADMIND_ARGS (code=exited, status=6)
Feb 03 11:08:46 m2 systemd[1]: Starting Kerberos 5 Password-changing and Administration...
Feb 03 11:08:46 m2 _kadmind[26473]: Error. This appears to be a slave server, found kpropd.acl
Feb 03 11:08:46 m2 systemd[1]: kadmin.service: control process exited, code=exited status=6
Feb 03 11:08:46 m2 systemd[1]: Failed to start Kerberos 5 Password-changing and Administration.
Feb 03 11:08:46 m2 systemd[1]: Unit kadmin.service entered failed state.
Feb 03 11:08:46 m2 systemd[1]: kadmin.service failed.
1.首先检查配置文件是否配置正确,检查特定的Kerberos服务器是否正在运行。
2确认kadmin能够正常访问KDC,并且检查Kerberos服务器所采用的网络端口是否正确。
3.检查有关安全组的限制是否授权kadmin发出信息