kpropd issue when upgrading from 1.8.2 to 1.13.2

John Devitofranceschi jdvf at optonline.net
Sat Jun 27 02:18:50 EDT 2015


We are upgrading our infra to 1.13.2 and I noticed that kpropd fails when receiving a full sync.

We are upgrading the slaves first and the master last.

It seems that the 1.8.2 dump file claims to be ipropx, but it still only has the old-style policy records and that makes the 1.13.2 kpropd’s resync fail when kdb5_util is loading the kdb.

I’ve got a temporary work-around in place for our first batch of slaves: a wrapper around kdb5_util that appropriately munges the policy records in the ‘from_master’ file.  We can keep this in place for the next few weeks while we upgrade the rest of the KDCs. Once the master is upgraded, we can get rid of the script and let the real kdb5_util do its thing.

Are there any other possible work-arounds that don’t involve recompiling?

jd


More information about the Kerberos mailing list