1.8 and 1.4 compatibility
Tom_Krauss
thomas.krauss at itserv.de
Fri Oct 11 04:01:09 EDT 2013
Hi,
I am about to build up a backend for a Kerberos deployment.
It is a fixed condition that the KDCs will run MIT 1.4, since the OS vendor's release must be used.
The principal DB will be in LDAP.
I am considering using MIT 1.8 on the admin server since I would like to have certain features from the beginning (multirealm kadmind, norandkey, account lockout, masterkey rollover).
This is possible due to a new OS release which could be used on some servers but for the moment not on the KDCs.
Now I wonder what the downsides of this approach may be.
- is the information in the database written by 1.8 fully downward compatible to be read by 1.4 krb5kdc daemons?
- how about kadmin used from clients?
- strictly from a Kerberos point of view and leaving the OS aside - is this an acceptable setup to be run for a while or only advisable for a shorter transition phase?
I tested a bit with it and, except for 1.4 kadmin.local (which segfaults reading a principal written from 1.8), it seems to work fine.
Thanks for your thoughts