Migrating to a Newer Version of the Kerberos Server

Migrating from Kerberos Server Version 2.0 to Version 3.0

If you want to use the Kerberos server with C-tree as the backend database, migrate your existing Kerberos server to Kerberos server v3.0.

In the Kerberos server v2.x, the password policy was based on the instance name to which the principal belongs. Starting with the Kerberos server v3.0, the password policy is not based on the instance name but is based on the policy subscribed to the principal, which provides the flexibility for a principal to subscribe to any policy in the /opt/krb5/password.policy file.

You must securely copy the adm_acl_file from the Kerberos server v2.0 to the v3.0 system.

IMPORTANT

After migrating the v2.0 database to the v3.0 server, you must modify the v2.0 principals with the appropriate policy names (policy names are present in the /opt/krb5/password.policy file). The instance-based rules apply if you do not specify the policy name.

To retain the v2.0 policies, copy the password.policy file to the v3.0 server before creating a new principal.

You can change the policy name using one of the administrative tools: kadminl, kadmin, kadminl_ui or kadmin_ui.

When you migrate the v2.0 database to the v3.0 server, the default principal of the v2.0 database does not contain the policy name field. Therefore, the default policy applicable to the created principals is * (the default policy), until you modify the default policy of the principal.

To migrate from Kerberos server v2.0 to v3.0, complete the following steps:

Step 1. Dump the database on the v2.0 server.

On the Kerberos server v2.0, dump the database with the default dump version. The dump file must contain the default header, “kdb5_util load_dump version 5.0”.
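
One way to check a dump file before copying it to the v3.0 system, as an added example that is not part of the HP manual. The header string comes from the step above; the function name, the owner-only permission requirement (the dump holds principal key data) and the "at least one record" check are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-transfer checks on a v2.0 database dump file.
# Usage: check_dump /path/to/dumpfile   (path is supplied by the operator)

# Header required by the migration step; taken from the manual text.
EXPECTED_HEADER='kdb5_util load_dump version 5.0'

# check_dump FILE
# Returns: 0 ok, 1 wrong header, 2 missing/unreadable,
#          3 readable by group/other, 4 no records after the header.
check_dump() {
    dump=$1

    if [ ! -f "$dump" ] || [ ! -r "$dump" ]; then
        echo "cannot read dump file: $dump" >&2
        return 2
    fi

    # The first line must start with the default dump header.
    first=''
    IFS= read -r first < "$dump" || true
    case $first in
        "$EXPECTED_HEADER"*) ;;
        *) echo "unexpected dump header: $first" >&2; return 1 ;;
    esac

    # Assumption: only the owner may access the dump. Characters 5-10
    # of the 'ls -l' mode string are the group and other permission bits.
    perms=$(ls -ld "$dump" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "dump is accessible to group/other: $perms" >&2
        return 3
    fi

    # Assumption: a usable dump has at least one record after the header.
    if [ -z "$(sed -n '2p' "$dump")" ]; then
        echo "dump contains a header but no records" >&2
        return 4
    fi

    return 0
}
```
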

HP-UX Kerberos Data Security Software manual