Filter
Top Products
Migrating to a Newer Version of the Kerberos Server
Migrating from Kerberos Server Version 1.0 to 3.0
Chapter 3 43
Migrating from Kerberos Server Version 1.0 to
3.0
If you want to use the Kerberos server with C-tree as the backend
database, migrate your existing Kerberos server to Kerberos server v3.0.
In the Kerberos server v1.0, you can create a policy with any name and
attribute value. Any principal can subscribe to any of the policies in the
database.
In the Kerberos server v2.0, the password policy is based on the instance
name of the principal. The instance name is part of the principal name.
For example, in the principal, user1/admin@hp.com, admin is the
instance name. The principals having the admin instance inherit the
values defined for the admin policy in the password.policy file.
In the new version of the Kerberos server, v3.0, the password policies are
based on the policy subscribed to by the principal.
The policy information is available as a dump file after you have
migrated the dump file from v1.0 to v3.0. After the migration, the policy
information is not migrated automatically, that is, the policy to which a
principal is subscribed, is not updated in the database. The
administrator needs to explicitly classify the principals and add the
policies to the password.policy file, according to the site policy.
IMPORTANT You must modify the principals with the new policy. The instance-based
rules apply if you do not specify the policy.
You need to perform the task of manually migrating the
admin_acl_file from v1.0 to v3.0. For more information, see “The
admin_acl_file File” on page 113.
To migrate from Kerberos server v1.0 to v3.0, complete the following
steps:
Step 1. Dump the database on the v1.0 server.
On the Kerberos server v1.0, dump the database with the default dump
version. The dump file must contain the default header, “kdb5_util
load_dump version 5”.