I am upgrading my kerberos KDC from 1.6.1 on CentOS 5 to 1.10.3 on
CentOS 6. I was able to migrate the database by:
1. Get master key type on old KDC
2. On old KDC dump the database using the same key I intend to use on
the new master
3. copy dumpfile to the new KDC
4. Change the master key type in kdc.conf to match the type from
step 1. In this case: des3-hmac-sha1
5. Create a databse on the new KDC. Use the same password as in step 2.
6. Load the dumpfile in to the new database
7. Create a new stash file
8. Restart the kdc and kadmin daemons
Everything works as expected -- so far :). Is it necessary or even
possible to re-key the database to use the default (aes256-cts?) in
newer version?
--
Stephen
________________________________________________
Kerberos mailing list [email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
