[krbdev.mit.edu #8220] Document KDC upgrade procedures

Greg Hudson via RT rt-comment at krbdev.mit.edu
Mon Jul 20 11:27:14 EDT 2015


Prior to the RST conversion, we had a brief section on upgrading the 
KDC (added for ticket #119).  It talked about doing a dump and load, 
which hasn't been necessary for any release since 1.1, and didn't 
talk about multi-KDC environments.  We don't appear to have any KDC 
upgrade documentation now.  We should write some, as we periodically 
get questions about how to do it.

Some considerations for when we write it:

* Slave KDCs should generally be upgraded before the master KDC, to 
ensure that they can process the dump files generated by the master 
(especially when using iprop; there is a workaround for traditional 
kprop).  This order also limits the impact of any problems resulting 
from the upgrade.

* Ticket #8213 should be considered when upgrading to affected 
versions in a realm using incremental propagation.



More information about the krb5-bugs mailing list