Backing up and restoring the IBM MFA database

The IBM® MFA database includes details about the system configuration, details about all registered users, their configured policies, and authentication methods. You should regularly back up the IBM MFA database.

Before you begin

As a general best practice, you should back up the IBM MFA database at the following times:
  • After configuring users, policies, or authentication methods.
  • Before performing maintenance activity on the system.
  • Periodically, following your local policies and procedures.

About this task

To back up the IBM MFA database, complete the following steps:

Procedure

  1. Enter the following command as root to back up the database. The resulting /opt/IBM/MFA/mfadb.sql file contains all of the commands that are needed to re-create the database until that time.
    /usr/bin/pg_dump -f /opt/IBM/MFA/mfadb.sql -d mfadb
  2. If you need to restore the database from the backup, enter the following command as root to restore the database:
    /usr/bin/psql -U root -d mfadb -f /opt/IBM/MFA/mfadb.sql
    The command populates the database by running all of the commands in the /opt/IBM/MFA/mfadb.sql file.
    Important: If the existing database is not empty, commands will fail because the entries already exist in the database. If you need to restore the database from the backup and the existing database is not empty, you must first delete the existing database:
    1. Ensure that you have a valid mfadb.sql file before you continue:
       ls -l /opt/IBM/MFA/mfadb.sql
      
    2. Enter the following command as root to delete the existing database:
      dropdb mfadb
    3. Become the postgres user and enter the following command to create the database:
      su - postgres
      createdb -O root mfadb
    4. Exit the postgres user account:
      exit
    5. Enter the following command as root to restore the database:
      /usr/bin/psql -U root -d mfadb -f /opt/IBM/MFA/mfadb.sql