Filter
Top Products
Migrating to a Newer Version of the Kerberos Server
Migrating from Kerberos Server Version 1.0 to 3.0
Chapter 3 45
You can configure Kerberos server manually or by using the krbsetup
tool.
Ensure that the following values are the same in both versions of the
Kerberos server:
• Realm name
• Master key name
The master key password must be identical to the one that was used in
v1.0. This is applicable if you have not opted to change the password, as
mentioned in step 3. If you have changed the password, use the same
new password while creating the Kerberos server v3.0 database.
If you used the -e option to change the master key encryption type from
v1.0 to v3.0 in step 3, use the same new encryption type for the master
key while creating the database in v3.0.
If you did not specify the -e option in step 3, then the encryption type
with which the v3.0 database was created must be the same as the one
specified while creating the v1.0 database. For more information, type
man 4 kdc.conf at the HP-UX prompt and see the master_key_entry.
The krbsetup interactive tool prompts for the required parameters. For
more information, type man 1M krbsetup at the HP-UX prompt or see
“Auto-Configuration of the Kerberos Server” on page 63.
Step 6. Load the new version of the dump file generated in step 3.
Use the kdb_load tool to load the database from the dump file,
/opt/krb5/dumpfilev3.0:
# kdb_load -f /opt/krb5/dumpfilev3.0
Upon success, the following message appears:
“Load Successful”
The migration process of the principal information is now completed.
Consider the following points:
• The principal information is migrated from v1.0 to v3.0.
• The /opt/krb5/polv2 file contains the policy-related information.
You need to decide on the policies and add the policies to the
/opt/krb5/password.policy file.