[38139] in Kerberos
Re: upgrading kdc from 1.9 to 1.16, things to worry about?
daemon@ATHENA.MIT.EDU (Chris Hecker)
Mon Dec 11 19:18:25 2017
MIME-Version: 1.0
In-Reply-To: <CALNT6MXGbn=dW70UVkgWbZwORb4zhgF9QQLc_skiEm5PH58LUg@mail.gmail.com>
From: Chris Hecker <checker@d6.com>
Date: Tue, 12 Dec 2017 00:18:00 +0000
Message-ID: <CAOdMLc1RcqVkOGxeQzpjkP0Gnw2z40-vkFx5iN6RL-gBYKoP0A@mail.gmail.com>
To: Todd Grayson <tgrayson@cloudera.com>
Cc: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
This is a centos5 x86 machine. I've got the schema that came with openldap
and the new one in krb5-1.16
Chris
On Mon, Dec 11, 2017 at 16:12 Todd Grayson <tgrayson@cloudera.com> wrote:
> What OS distro are you working over for the KDC hosts., the schema is no
> longer present in current distro specific packaging for openLDAP (that I
> can find).
>
> On Mon, Dec 11, 2017 at 12:50 PM, Chris Hecker <checker@d6.com> wrote:
>
>> Ok, moving this over to the main list...
>>
>> Anybody else have any thoughts on the update below?
>>
>> Thanks,
>> Chris
>>
>>
>> On Mon, Dec 11, 2017 at 11:11 Greg Hudson <ghudson@mit.edu> wrote:
>>
>> > kerberos@mit.edu is better for questions like this. Your plan seems
>> > sound, with the proviso that I'm not an expert on OpenLDAP (or whatever
>> > LDAP server you're using; 389ds also works with krb5, and likely
>> > others). So if there are potential issues with updating the schema, I
>> > wouldn't know about them. The new schema is indeed a superset of the
>> > old one, with optional attributes added.
>> >
>> > On 12/09/2017 10:57 PM, Chris Hecker wrote:
>> > > I need to update my kdc finally to get access to a couple new
>> features,
>> > and
>> > > because duh.
>> > >
>> > > My KDC uses the LDAP backend.
>> > >
>> > > - I was not planning on updating slapd.
>> > > - I was going to back up and everything, of course.
>> > > - I assume I need to copy the latest kerberos.schema over. It looks
>> like
>> > > it's just a superset of the old one.
>> > >
>> > > Is there anything else I need to look out for you guys can think of
>> when
>> > > doing this update?
>> > >
>> > > I have some patches that add minor features I'll have to port once
>> things
>> > > are up and running smoothly, and I'll finally contribute them back
>> like
>> > > promised to this list and Greg 5 years ago. Oops.
>> > >
>> > > Chris
>> > > _______________________________________________
>> > > krbdev mailing list krbdev@mit.edu
>> > > https://mailman.mit.edu/mailman/listinfo/krbdev
>> > >
>> >
>>
> ________________________________________________
>> Kerberos mailing list Kerberos@mit.edu
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>
>
>
> --
> Todd Grayson
> Business Operations Manager
> Customer Operations Engineering
> Security SME
>
>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
