Migrating to a Newer Version of the Kerberos Server

Migrating from Kerberos Server Version 1.0 to 3.0

You can configure Kerberos server manually or by using the krbsetup tool.

Ensure that the following values are the same in both versions of the Kerberos server:

Realm name

Master key name

The master key password must be identical to the one that was used in v1.0. This is applicable if you have not opted to change the password, as mentioned in step 3. If you have changed the password, use the same new password while creating the Kerberos server v3.0 database.

If you used the -eoption to change the master key encryption type from v1.0 to v3.0 in step 3, use the same new encryption type for the master key while creating the database in v3.0.

If you did not specify the -eoption in step 3, then the encryption type with which the v3.0 database was created must be the same as the one specified while creating the v1.0 database. For more information, type man 4 kdc.conf at the HP-UX prompt and see the master_key_entry.

The krbsetup interactive tool prompts for the required parameters. For more information, type man 1M krbsetup at the HP-UX prompt or see “Auto-Configuration of the Kerberos Server” on page 63.

Step 6. Load the new version of the dump file generated in step 3.

Use the kdb_load tool to load the database from the dump file, /opt/krb5/dumpfilev3.0:

# kdb_load -f /opt/krb5/dumpfilev3.0

Upon success, the following message appears:

“Load Successful”

The migration process of the principal information is now completed.

Consider the following points:

The principal information is migrated from v1.0 to v3.0.

The /opt/krb5/polv2 file contains the policy-related information. You need to decide on the policies and add the policies to the

/opt/krb5/password.policy file.

Chapter 3

45

Page 45
Image 45
HP UX Kerberos Data Security Software manual Upon success, the following message appears