upgrading kdc from 1.9 to 1.16, things to worry about?

Chris Hecker checker at d6.com
Mon Dec 11 19:18:00 EST 2017


This is a centos5 x86 machine.  I've got the schema that came with openldap
and the new one in krb5-1.16

Chris


On Mon, Dec 11, 2017 at 16:12 Todd Grayson <tgrayson at cloudera.com> wrote:

> What OS distro are you working over for the KDC hosts., the schema is no
> longer present in current distro specific packaging for openLDAP (that I
> can find).
>
> On Mon, Dec 11, 2017 at 12:50 PM, Chris Hecker <checker at d6.com> wrote:
>
>> Ok, moving this over to the main list...
>>
>> Anybody else have any thoughts on the update below?
>>
>> Thanks,
>> Chris
>>
>>
>> On Mon, Dec 11, 2017 at 11:11 Greg Hudson <ghudson at mit.edu> wrote:
>>
>> > kerberos at mit.edu is better for questions like this.  Your plan seems
>> > sound, with the proviso that I'm not an expert on OpenLDAP (or whatever
>> > LDAP server you're using; 389ds also works with krb5, and likely
>> > others).  So if there are potential issues with updating the schema, I
>> > wouldn't know about them.  The new schema is indeed a superset of the
>> > old one, with optional attributes added.
>> >
>> > On 12/09/2017 10:57 PM, Chris Hecker wrote:
>> > > I need to update my kdc finally to get access to a couple new
>> features,
>> > and
>> > > because duh.
>> > >
>> > > My KDC uses the LDAP backend.
>> > >
>> > > - I was not planning on updating slapd.
>> > > - I was going to back up and everything, of course.
>> > > - I assume I need to copy the latest kerberos.schema over. It looks
>> like
>> > > it's just a superset of the old one.
>> > >
>> > > Is there anything else I need to look out for you guys can think of
>> when
>> > > doing this update?
>> > >
>> > > I have some patches that add minor features I'll have to port once
>> things
>> > > are up and running smoothly, and I'll finally contribute them back
>> like
>> > > promised to this list and Greg 5 years ago.  Oops.
>> > >
>> > > Chris
>> > > _______________________________________________
>> > > krbdev mailing list             krbdev at mit.edu
>> > > https://mailman.mit.edu/mailman/listinfo/krbdev
>> > >
>> >
>>
> ________________________________________________
>> Kerberos mailing list           Kerberos at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>
>
>
> --
> Todd Grayson
> Business Operations Manager
> Customer Operations Engineering
> Security SME
>
>


More information about the Kerberos mailing list