[37133] in Kerberos
kpropd issue when upgrading from 1.8.2 to 1.13.2
daemon@ATHENA.MIT.EDU (John Devitofranceschi)
Sat Jun 27 02:19:07 2015
Date: Sat, 27 Jun 2015 02:18:50 -0400
From: John Devitofranceschi <jdvf@optonline.net>
To: kerberos@mit.edu
Message-id: <9FDA142C-DA73-45E6-AEA8-39D0B65391BD@optonline.net>
MIME-version: 1.0
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
We are upgrading our infra to 1.13.2 and I noticed that kpropd fails when receiving a full sync.
We are upgrading the slaves first and the master last.
It seems that the 1.8.2 dump file claims to be ipropx, but it still only has the old-style policy records and that makes the 1.13.2 kpropd’s resync fail when kdb5_util is loading the kdb.
I’ve got a temporary work-around in place for our first batch of slaves: a wrapper around kdb5_util that appropriately munges the policy records in the ‘from_master’ file. We can keep this in place for the next few weeks while we upgrade the rest of the KDCs. Once the master is upgraded, we can get rid of the script and let the real kdb5_util do its thing.
Are there any other possible work-arounds that don’t involve recompiling?
jd
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
