Migration

Step-wise Procedure For Migration

 

 

The password of the master key can also be changed while executing the

 

 

migration tool. The tool will prompt you for a password change. If you

 

 

want to change the password, type yes at the command prompt. If you do

 

 

not want to change the password, type no at the command prompt.

 

 

The same password has to be used while creating the minimal database

NOTE

 

 

 

for version 2.0 of the Kerberos Server, as described in Step 5.

 

 

The Policy information is available in /opt/krb5/polv2 and the logs will

 

 

 

 

be available in /tmp/kdb_migrate.log directory.

Step

5. Configure the Kerberos Server V 2.0

 

 

This can either be done manually or by using the krbsetup tool.

 

 

The following values need to be the same in both the versions of the

 

 

Kerberos Server:

 

 

realm name

 

 

master key name

The master key password should be identical to the one that was used in version 1.0. This is applicable if you have not opted to change the password, as mentioned in Step 4. If you have changed the password, the same new password has to be used while creating the Kerberos Server version 2.0 database.

If the -e option is used to change the master key encryption type from version 1.0 to version 2.0, in Step 4, then the same new encryption type has to be used for the master key while creating the database in version 2.0.

If the -e option is not specified, in Step 4, then the encryption type with which the version 2.0 database is created should be the same as the one specified while creating the version 1.0 database. Refer to the kdc.conf manpage, master_key_entry, for more details.

# krbsetup

This is an interactive tool that will prompt you for the required parameters. Refer to the krbsetup (1M) manpage or “Auto-Configuration of the Security Server” on page 64, for more details.

46

Chapter 3