OS upgrade of Kerberos server
Greg Hudson
ghudson at mit.edu
Wed Jun 10 11:29:11 EDT 2015
On 06/09/2015 10:49 AM, Matt Garman wrote:
> I just want to do a sanity check that I'm not overlooking any
> important step. I think I can basically follow the instructions
> provided here:
> http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.5/doc/install.html
That's really old documentation.
http://web.mit.edu/kerberos/www/krb5-1.10/krb5-1.10.7/doc/krb5-install.html
corresponds better to the version you're upgrading to. It probably
doesn't matter a whole lot.
> And obviously, instead of creating a new database, I'll re-create the
> old database from a dump.
>
> Am I missing anything? Is it safe to copy the old
> /var/kerberos/krb5kdc directory wholesale?
You should be able to just copy over the /var/kerberos/krb5kdc
directory; it shouldn't be necessary to make a dump.
> It seems fairly straightforward, perhaps too easy, so just looking for
> any words of wisdom that could save me some grief.
For the most part KDC upgrades are pretty easy, since we haven't made
any incompatible changes to the DB format. Production testing is still
recommended, but you appear to have done some of that with the slaves.
More information about the Kerberos
mailing list