[37079] in Kerberos
Re: OS upgrade of Kerberos server
daemon@ATHENA.MIT.EDU (Greg Hudson)
Wed Jun 10 11:29:31 2015
Message-ID: <557857C7.2030607@mit.edu>
Date: Wed, 10 Jun 2015 11:29:11 -0400
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: Matt Garman <matthew.garman@gmail.com>,
"<kerberos@mit.edu>" <kerberos@mit.edu>
In-Reply-To: <CAJvUf-CY37FALLoyGr5jKoQKYhRVUt9c2Vokc2vSeEcVo8MrcA@mail.gmail.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 06/09/2015 10:49 AM, Matt Garman wrote:
> I just want to do a sanity check that I'm not overlooking any
> important step. I think I can basically follow the instructions
> provided here:
> http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.5/doc/install.html
That's really old documentation.
http://web.mit.edu/kerberos/www/krb5-1.10/krb5-1.10.7/doc/krb5-install.html
corresponds better to the version you're upgrading to. It probably
doesn't matter a whole lot.
> And obviously, instead of creating a new database, I'll re-create the
> old database from a dump.
>
> Am I missing anything? Is it safe to copy the old
> /var/kerberos/krb5kdc directory wholesale?
You should be able to just copy over the /var/kerberos/krb5kdc
directory; it shouldn't be necessary to make a dump.
> It seems fairly straightforward, perhaps too easy, so just looking for
> any words of wisdom that could save me some grief.
For the most part KDC upgrades are pretty easy, since we haven't made
any incompatible changes to the DB format. Production testing is still
recommended, but you appear to have done some of that with the slaves.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
