[37078] in Kerberos
OS upgrade of Kerberos server
daemon@ATHENA.MIT.EDU (Matt Garman)
Tue Jun 9 10:53:18 2015
MIME-Version: 1.0
Date: Tue, 9 Jun 2015 09:49:02 -0500
Message-ID: <CAJvUf-CY37FALLoyGr5jKoQKYhRVUt9c2Vokc2vSeEcVo8MrcA@mail.gmail.com>
From: Matt Garman <matthew.garman@gmail.com>
To: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
I'm planning on upgrading the OS of our primary Kerberos server, from
CentOS 5.7 to CentOS 6.5 (essentially the same as RHEL). I'll be
using the vendor-provided MIT Kerberos packages. Old version is
1.6.1-62, new version is 1.10.3-10.
We have two slave KDCs, both of them are already on the newer OS and
Kerberos versions. As far as I can tell, the slaves appear to work,
as I can disable the krb5kdc service on the primary, and nothing
breaks.
I just want to do a sanity check that I'm not overlooking any
important step. I think I can basically follow the instructions
provided here:
http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.5/doc/install.html
but with the exceptions that all the config files will be copied over
from the old install:
- /etc/krb5.conf
- /etc/krb5.keytab
- /var/kerberos/krb5kdc/kdc.conf
- /var/kerberos/krb5kdc/kadm5.acl
And obviously, instead of creating a new database, I'll re-create the
old database from a dump.
Am I missing anything? Is it safe to copy the old
/var/kerberos/krb5kdc directory wholesale?
It seems fairly straightforward, perhaps too easy, so just looking for
any words of wisdom that could save me some grief.
Thanks!
Matt
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
