Migration

Step-wise Procedure For Migration

Step 6. Load the new version of the dump file generated from Step 4.

Use the kdb_load tool to load the database from the dump file, /opt/krb5/dumpfilev2.0.

# kdb_load -f /opt/krb5/dumpfilev2.0

On successful completion the following message is displayed:

“Load Successful”

The migration of the Principal information is now complete.

Given below are a few pointers that need to be considered:

The principal information is migrated from version 1.0 to version 2.0.

The policy related information exists in the /opt/krb5/polv2 file. The system administrator needs to decide on the policies and add the policies to the /opt/krb5/password.policy file.

The admin_acl_file cannot be migrated. The system administrator needs to be add the appropriate acls to the

/opt/krb5/admin_acl_file using the old admin_acl_file. Refer to “admin_acl_file” on page 95, for more information.

The log messages of Step 4 are logged in the file,

/tmp/kdb_migrate.log.

If there are any problems during loading the new version of the dump file it needs to be diagnosed by the system administrator.

The log messages inform the failure ([ERR] message) and successful migrations ([LOG] messages), et all.

If the system administrator wants to configure a new system to be the Kerberos Server version 2.0 and wants to use the existing version

1.0dump file, it can be accomplished by securely copying the dump file onto a new system and by following Steps four to six, as discussed above.

The /ect/krb5.conf of the version 1.0 Server must be copied to the new system. Also, the /var/adm/krb5/krb5kdc/kdc.conf has to be copied if the master key principal name is not the default, K/M. If only the master key principal name differs from the default, avoid copying the kdc.conf by specifying the -Moption while using the kdb_migrate tool, as described in Step 4.

Chapter 3

47

Page 47
Image 47
HP UX Kerberos Data Security Software manual On successful completion the following message is displayed