Upgrading Existing Kerberos V5 Installations

If you already have an existing Kerberos database that you created with a prior release of Kerberos 5, you can upgrade it to work with the current release with the kdb5_util command. It is only necessary to perform this dump/undump procedure if you were running a krb5-1.0.x KDC and are migrating to a krb5-1.1.x or newer KDC or if you were running a krb5-1.1.x KDC and are migrating to a krb5-1.2.x or newer KDC. The process for upgrading a Master KDC involves the following steps:

  1. Stop your current KDC and administration server processes, if any.
  2. Dump your existing Kerberos database to an ASCII file with kdb5_util's "dump" command:
              shell% cd /usr/local/var/krb5kdc
              shell% kdb5_util dump old-kdb-dump
              shell% kdb5_util dump -ov old-kdb-dump.ov
  3. Create a new Master KDC installation (see "Install the Master KDC"). If you have a stash file for your current database, choose any new master password but then copy your existing stash file to the location specified by your kdc.conf; if you do not have a stash file for your current database, you must choose the same master password.
  4. Load your old Kerberos database into the new system with kdb5_util's "load" command:
              shell% cd /usr/local/var/krb5kdc
              shell% kdb5_util load old-kdb-dump
              shell% kdb5_util load -update old-kdb-dump.ov

The "dump -ov" and "load -update" commands are necessary in order to preserve per-principal policy information, since the default dump format filters out that information. If you omit those steps, the loaded database will lose the policy information for each principal that has a policy.
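
An added example, not part of the MIT documentation: a shell pre-flight check to run after step 2 and before step 4. It uses the dump file names from the procedure above; the function names and the stash-file argument are hypothetical, and the stash path has to come from your own kdc.conf.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before "kdb5_util load".
# Dump file names follow the procedure above; function names are illustrative.

# check_dump FILE: succeed only if FILE is a non-empty regular file with no
# group/other permission bits. The dump carries every principal's key data,
# so only its owner should be able to read it.
check_dump() {
    f=$1
    if [ ! -f "$f" ] || [ ! -s "$f" ]; then
        echo "missing or empty dump: $f" >&2
        return 1
    fi
    perms=$(ls -ld "$f" | cut -c5-10)   # group+other bits of the mode string
    if [ "$perms" != "------" ]; then
        echo "group/other access on $f (mode bits: $perms)" >&2
        return 1
    fi
}

# master_key_plan STASH: print which branch of step 3 applies.
master_key_plan() {
    if [ -f "$1" ] && [ -s "$1" ]; then
        echo "copy-stash"            # any new master password, then copy stash
    else
        echo "same-master-password"  # no stash: reuse the old master password
    fi
}

# preflight DIR STASH: check both dumps from step 2, then print the plan.
# STASH is the old stash file path (assumption: operator reads it from kdc.conf).
preflight() {
    dir=$1
    stash=$2
    check_dump "$dir/old-kdb-dump" || return 1
    check_dump "$dir/old-kdb-dump.ov" || return 1
    master_key_plan "$stash"
}

# Script usage: sh preflight.sh /usr/local/var/krb5kdc /path/to/old/stash
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

A non-zero exit means a dump is missing, empty, or accessible to group or other users, and should be resolved before the load in step 4.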

To update a Slave KDC, you must stop the old server processes on the Slave KDC, install the new server binaries, reload the most recent slave dump file, and restart the server processes.


 
 
  © 1985-2006 by the Massachusetts Institute of Technology - Reproduced with permission.