OS upgrade of Kerberos server

Matt Garman matthew.garman at gmail.com
Tue Jun 9 10:49:02 EDT 2015


I'm planning on upgrading the OS of our primary Kerberos server, from
CentOS 5.7 to CentOS 6.5 (essentially the same as RHEL).  I'll be
using the vendor-provided MIT Kerberos packages.  Old version is
1.6.1-62, new version is 1.10.3-10.

We have two slave KDCs, both of them are already on the newer OS and
Kerberos versions.  As far as I can tell, the slaves appear to work,
as I can disable the krb5kdc service on the primary, and nothing
breaks.

I just want to do a sanity check that I'm not overlooking any
important step.  I think I can basically follow the instructions
provided here:
    http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.5/doc/install.html
but with the exceptions that all the config files will be copied over
from the old install:
    - /etc/krb5.conf
    - /etc/krb5.keytab
    - /var/kerberos/krb5kdc/kdc.conf
    - /var/kerberos/krb5kdc/kadm5.acl

And obviously, instead of creating a new database, I'll re-create the
old database from a dump.

Am I missing anything?  Is it safe to copy the old
/var/kerberos/krb5kdc directory wholesale?

It seems fairly straightforward, perhaps too easy, so just looking for
any words of wisdom that could save me some grief.

Thanks!
Matt


More information about the Kerberos mailing list