Migrating to a Newer Version of the Kerberos Server

v3.0 to v3.1. The Kerberos database formats of v2.0 and v3.0 are compatible with each other, but the database formats of Kerberos server v1.0 and v3.0 are not compatible with each other. Therefore, migrate the database format from v1.0 to v3.0.

The Kerberos server v1.0 database contains information related both to principal and policy. However, the Kerberos server v3.0 database contains only the principal-related information, and contains the policy-related information in a separate file, password.policy. The Kerberos server v3.0 supports a tool to migrate the principal-related information from v1.0 to v3.0.

To migrate from the Kerberos server v2.0 database to v3.0, dump the v2.0 database using the kdb_dump utility, and load this dump file into the v3.0 database using the kdb_load utility. If you are migrating the Kerberos database from v1.0 to v3.0 or from v2.0 to v3.0, create a dump file of the older Kerberos database before installing the new version of the Kerberos server. For more information, see “Migrating from Kerberos Server Version 1.0 to 3.0” on page 43, and “Migrating from Kerberos Server Version 2.0 to Version 3.0” on page 47.

To migrate from the Kerberos server v3.0 to v3.1, dump the v3.0 database using the krb_2_ldap utility, and load this dump file into the v3.1 database using the ldapmodidfy command. For more information, see “Migrating from Kerberos Server Version 3.0 to Version 3.1” on page 49.

NOTE

You must manually migrate the policy information from v1.0 to v3.0.

 

However, while migrating from v2.0 to v3.0, you need not migrate the

 

password.policy file that contains the policy-related information.

 

 

This chapter discusses the following topics:

“Migrating from Kerberos Server Version 1.0 to 3.0” on page 43

“Migrating from Kerberos Server Version 2.0 to Version 3.0” on page 47

“Migrating from Kerberos Server Version 3.0 to Version 3.1” on page 49

42

Chapter 3

Page 42
Image 42
HP UX Kerberos Data Security Software manual Migrating to a Newer Version of the Kerberos Server