Migration
Step 6. Load the new version of the dump file generated from Step 4.
Use the kdb_load tool to load the database from the dump file, /opt/krb5/dumpfilev2.0.
# kdb_load
On successful completion the following message is displayed:
“Load Successful”
The migration of the Principal information is now complete.
Given below are a few pointers that need to be considered:
•The principal information is migrated from version 1.0 to version 2.0.
•The policy related information exists in the /opt/krb5/polv2 file. The system administrator needs to decide on the policies and add the policies to the /opt/krb5/password.policy file.
•The admin_acl_file cannot be migrated. The system administrator needs to be add the appropriate acls to the
/opt/krb5/admin_acl_file using the old admin_acl_file. Refer to “admin_acl_file” on page 95, for more information.
•The log messages of Step 4 are logged in the file,
/tmp/kdb_migrate.log.
If there are any problems during loading the new version of the dump file it needs to be diagnosed by the system administrator.
The log messages inform the failure ([ERR] message) and successful migrations ([LOG] messages), et all.
If the system administrator wants to configure a new system to be the Kerberos Server version 2.0 and wants to use the existing version
1.0dump file, it can be accomplished by securely copying the dump file onto a new system and by following Steps four to six, as discussed above.
The /ect/krb5.conf of the version 1.0 Server must be copied to the new system. Also, the /var/adm/krb5/krb5kdc/kdc.conf has to be copied if the master key principal name is not the default, K/M. If only the master key principal name differs from the default, avoid copying the kdc.conf by specifying the
Chapter 3 | 47 |