Upgrade strategies

[John Devitofranceschi]

When upgrading from MIT Kerberos 1.X to 1.X+N what kind of general rules of thumb can one rely on in terms of compatibility?  

Should the slave KDCs be upgraded first, then the master?  Or upgrade the master first?

Any considerations when using incremental v. full propagation?

When upgrading to 1.11, what's the oldest previous version that requires more effort than just replacing the binaries (and possibly dealing with the 'weak crypto' changes)?

jd