Migrating to a Newer Version of the Kerberos Server
Migrating from Kerberos Server Version 1.0 to 3.0
Chapter 346
The policy applicable to the principal that is migrated from v1.0 to
v3.0 is based on the instance name of the principals. To modify the
policy, edit the principal to change the policy name field to the new
policy.
• You cannot migrate the admin_acl_file. You need to add the
appropriate ACLs to the /opt/krb5/admin_acl_file using the old
admin_acl_file. For more information, see “The admin_acl_file
File” on page 113.
• The /tmp/kdb_migrate.log file contains the log messages of step 3.
The log messages inform you of the failure ([ERR] message),
successful migrations ([LOG] messages), and so forth.
If you encounter any problem while loading the new version of the
dump file, analyze the dump file.
Copy the /etc/krb5.conf file of the v1.0 server to the new system,
where you are installing the v3.0 server. In addition, copy the
/var/adm/krb5/krb5kdc/kdc.conf file if the master key principal
name is not the default K/M. If only the master key principal name differs
from the default, avoid copying the kdc.conf file by specifying the -M
option while using the kdb_migrate tool.
