Kerberos Migration Question.

Stephen Carville (Kerberos List) b44261a2 at opayq.com
Fri Aug 22 11:35:06 EDT 2014


I am upgrading my kerberos KDC from 1.6.1 on CentOS 5 to 1.10.3 on
CentOS 6.  I was able to migrate the database by:

 1. Get master key type on old KDC

 2. On old KDC dump the database using the same key I intend to use on
    the new master

 3. copy dumpfile to the new KDC

 4. Change the master key type in kdc.conf to match the type from
    step 1. In this case: des3-hmac-sha1

 5. Create a databse on the new KDC. Use the same password as in step 2.

 6. Load the dumpfile in to the new database

 7. Create a new stash file

 8. Restart the kdc and kadmin daemons

Everything works as expected -- so far :).  Is it necessary or even
possible to re-key the database to use the default (aes256-cts?) in
newer version?

--
Stephen


More information about the Kerberos mailing list