[36395] in Kerberos
Kerberos Migration Question.
daemon@ATHENA.MIT.EDU (Stephen Carville (Kerberos List))
Fri Aug 22 11:43:56 2014
Message-ID: <53F7632A.8040106@opayq.com>
Date: Fri, 22 Aug 2014 08:35:06 -0700
From: "Stephen Carville (Kerberos List)" <b44261a2@opayq.com>
MIME-Version: 1.0
To: kerberos@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I am upgrading my kerberos KDC from 1.6.1 on CentOS 5 to 1.10.3 on
CentOS 6. I was able to migrate the database by:
1. Get master key type on old KDC
2. On old KDC dump the database using the same key I intend to use on
the new master
3. copy dumpfile to the new KDC
4. Change the master key type in kdc.conf to match the type from
step 1. In this case: des3-hmac-sha1
5. Create a databse on the new KDC. Use the same password as in step 2.
6. Load the dumpfile in to the new database
7. Create a new stash file
8. Restart the kdc and kadmin daemons
Everything works as expected -- so far :). Is it necessary or even
possible to re-key the database to use the default (aes256-cts?) in
newer version?
--
Stephen
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
