Kerberos Server Version 3.12 Administrator's Guide: HP-UX 11i v3 > Chapter 3 Migrating to a Newer Version of the Kerberos Server

Migrating from Kerberos Server Version 2.0 to Version 3.0

If you want to use the Kerberos server with C-tree as the backend database, migrate your existing Kerberos server to Kerberos server v3.0.

In the Kerberos server v2.x, the password policy was based on the instance name to which the principal belongs. Starting with the Kerberos server v3.0, the password policy is not based on the instance name but is based on the policy subscribed to the principal, which provides the flexibility for a principal to subscribe to any policy in the /opt/krb5/password.policy file.

You must securely copy the adm_acl_file from the Kerberos server v2.0 to the v3.0 system.

IMPORTANT: After migrating the v2.0 database to the v3.0 server, you must modify the v2.0 principals with the appropriate policy names (policy names are present in the /opt/krb5/password.policy file). The instance-based rules apply if you do not specify the policy name.

To retain the v2.0 policies, copy the password.policy file to the v3.0 server before creating a new principal.

You can change the policy name using one of the administrative tools: kadminl, kadmin, kadminl_ui or kadmin_ui.

When you migrate the v2.0 database to the v3.0 server, the default principal of the v2.0 database does not contain the policy name field. Therefore, the default policy applicable to the created principals is * (the default policy), until you modify the default policy of the principal.

To migrate from Kerberos server v2.0 to v3.0, complete the following steps:

  1. Dump the database on the v2.0 server.

    On the Kerberos server v2.0, dump the database with the default dump version. The dump file must contain the default header, “kdb5_util load_dump version 5.0”.

    # kdb_dump -f /opt/krb5/dumpfilev2.0
  2. Copy the dump file to the system on which you are installing the v3.0 Kerberos server.

  3. Install the v3.0 Kerberos daemons on the new system.

  4. Configure Kerberos Server v3.0.

    NOTE: Ensure that the following values are identical on both versions of the Kerberos server:
    • Realm name

    • Master key name

    Ensure that the master key password is identical to the one that was used in v2.0:

    # krbsetup

    The instance-based policy applies if you do not subscribe principals to a specific policy.

    You can configure the Kerberos server manually or by using the krbsetup tool. This is an interactive tool that prompts you for the required parameters. For more information, type man 1M krbsetup at the HP-UX prompt or see “Autoconfiguring the Kerberos Server” (“Auto-Configuration of the Kerberos Server” on page 63).

  5. Load the dump file generated in step 1 using the following command:

    # kdb_load -f <dump_filename>

On successful completion, the following message is displayed:

Load Successful

Now, the migration process of the principal information is completed.
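
A pre-load check that can be run on the v3.0 system between steps 2 and 5, given here as an added example that is not part of the HP guide. It assumes the header named in step 1 is the first line of the dump file; check_dump is a hypothetical helper name, and the optional checksum is the output of `cksum < file` recorded on the v2.0 server.

```shell
#!/bin/sh
# Added example (not from the HP guide): validate a v2.0 dump file on the
# v3.0 host before running kdb_load. check_dump is a hypothetical helper name.

# Header text the guide says a default-version dump must contain.
EXPECTED_HEADER='kdb5_util load_dump version 5.0'

# check_dump FILE [EXPECTED_CKSUM]
# EXPECTED_CKSUM is the output of `cksum < FILE` recorded on the v2.0 host.
# Returns 0 if the file passes every check, otherwise 1-4 (see below).
check_dump() {
    f=$1
    want=${2:-}

    # 1: must be a readable, non-empty regular file.
    if [ ! -f "$f" ] || [ ! -r "$f" ] || [ ! -s "$f" ]; then
        echo "check_dump: $f is missing, unreadable or empty" >&2
        return 1
    fi

    # 2: assumption: the header is the first line of the dump.
    if ! head -n 1 "$f" | grep -F -q "$EXPECTED_HEADER"; then
        echo "check_dump: $f lacks header '$EXPECTED_HEADER'" >&2
        return 2
    fi

    # 3: the dump is a copy of the realm's principal database, so
    # group and other must have no access (mode string chars 5-10).
    mode=$(ls -ld "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "check_dump: $f is accessible to group/other; chmod 600 it" >&2
        return 3
    fi

    # 4: optional transfer check. cksum is a CRC: it catches a truncated or
    # corrupted copy, not deliberate tampering.
    if [ -n "$want" ] && [ "$(cksum < "$f")" != "$want" ]; then
        echo "check_dump: $f does not match the checksum from the v2.0 host" >&2
        return 4
    fi
    return 0
}
```

Run kdb_load only when check_dump returns 0 for the copied file; a non-zero status identifies which check failed.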

© 2007 Hewlett-Packard Development Company, L.P.