Migrating to a Newer Version of the Kerberos Server
Migrating from Kerberos Server Version 1.0 to 3.0
|
| # kdb5_util dump /opt/krb5/dumpfilev1.0 |
Step | 2. | Copy the dump file to the new system where you are installing the |
|
| Kerberos server v3.0. |
Step | 3. | Install the v3.0 Kerberos daemons on the new system. |
Step | 4. | Migrate the v1.0 dump file to the v3.0 dump file. |
|
| To generate the v3.0 dump file, run the kdb_migrate tool on the system |
|
| where Kerberos server v3.0 is installed: |
|
| # kdb_migrate |
|
| => /opt/krb5/dumpfilev3.0 |
|
| => /tmp/kdb_migrate.log |
|
|
|
NOTE |
| The lines beginning with => are continuations of the previous line. |
|
| If the /var/adm/krb5/krb5kdc/kdc.conf file does not exist and the |
|
| |
|
| master key name is not the default (K/M), specify this as an argument in |
|
| kdb_migrate by specifying the |
|
| If the /var/adm/krb5/krb5kdc/kdc.conf file does not exist and the |
|
| option is not specified, the encryption type is the encryption type of the |
|
| master principal obtained from the dumpfilev1.0. |
|
| If the /etc/krb5.conf file does not exist, the migration process fails. |
|
| You can change the password of the master key while executing the |
|
| migration tool. The tool prompts you for a password change. If you want |
|
| to change the password, type yes at the command prompt. If you do not |
|
| want to change the password, type no at the command prompt. |
|
|
|
NOTE |
| You must use the same password while creating the minimal database |
|
| for v3.0 of the Kerberos server, as described in step 5. |
|
| The policy information is available in the /opt/krb5/polv2 directory |
|
| |
|
| and the logs are available in /tmp/kdb_migrate.log file. |
Step | 5. | Configure the Kerberos server v3.0. |
44 | Chapter 3 |