Migrating to a Newer Version of the Kerberos Server

Migrating from Kerberos Server Version 1.0 to 3.0

If you want to use the Kerberos server with C-tree as the backend database, migrate your existing Kerberos server to Kerberos server v3.0.

In the Kerberos server v1.0, you can create a policy with any name and attribute value. Any principal can subscribe to any of the policies in the database.

In the Kerberos server v2.0, the password policy is based on the instance name of the principal. The instance name is part of the principal name. For example, in the principal user1/admin@hp.com, admin is the instance name. Principals with the admin instance inherit the values defined for the admin policy in the password.policy file.

In the new version of the Kerberos server, v3.0, the password policies are based on the policy subscribed to by the principal.

After you migrate the dump file from v1.0 to v3.0, the policy information is available as a dump file. However, the policy information is not migrated automatically; that is, the policy to which a principal is subscribed is not updated in the database. The administrator must explicitly classify the principals and add the policies to the password.policy file, according to the site policy.

IMPORTANT

You must modify the principals with the new policy. The instance-based rules apply if you do not specify the policy.

You must manually migrate the admin_acl_file from v1.0 to v3.0. For more information, see “The admin_acl_file File” on page 113.

To migrate from Kerberos server v1.0 to v3.0, complete the following steps:

Step 1. Dump the database on the v1.0 server.

On the Kerberos server v1.0, dump the database with the default dump version. The dump file must contain the default header, “kdb5_util load_dump version 5”.
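
The following is an added example, not part of the original guide or of the Kerberos server tooling: a POSIX shell script that verifies the Step 1 dump header and groups principal names by instance, showing which instance-based rules would apply to principals that have not been given a policy. The function names, the sample principals, and the input format (principal names one per line, with no escaped '/' or '@') are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-migration checks; not part of the Kerberos server tooling.

EXPECTED_HEADER='kdb5_util load_dump version 5'

# Succeed only if the first line of the dump file is exactly the default header.
check_dump_header() {
    [ -r "$1" ] || return 2
    first=$(head -n 1 "$1" | tr -d '\r')
    [ "$first" = "$EXPECTED_HEADER" ]
}

# Print the instance part of a principal name, or "-" when it has none.
# Assumption: the name contains no backslash-escaped '/' or '@'.
instance_of() {
    name=${1%@*}                      # drop the realm
    case $name in
        */*) printf '%s\n' "${name#*/}" ;;   # text after the first '/'
        *)   printf '%s\n' "-" ;;
    esac
}

# Read principal names (one per line) on stdin; print "instance=count" lines.
instance_counts() {
    while IFS= read -r princ; do
        [ -n "$princ" ] || continue
        instance_of "$princ"
    done | LC_ALL=C sort | uniq -c | awk '{ print $2 "=" $1 }'
}

# Constructed sample principals, in the style of the page's user1/admin@hp.com.
sample_principals() {
    cat <<'EOF'
user1/admin@hp.com
user2/admin@hp.com
user3@hp.com
host/node1.hp.com@hp.com
EOF
}

# Demo: which instance-based rules would apply to the sample principals.
sample_principals | instance_counts
```

A principal reported under "-" has no instance name, so no instance-based rule covers it until a policy is assigned.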

Chapter 3

43