Node:Upgrading Existing Kerberos V5 Installations, Next:Bug Reports for Kerberos V5, Previous:Installing Kerberos V5, Up:Top
If you already have an existing Kerberos database that you created with
a prior release of Kerberos 5, you can upgrade it to work with the
current release with the kdb5_util
command. It is only
necessary to perform this dump/undump procedure if you were running a
krb5-1.0.x KDC and are migrating to a krb5-1.1.x or newer KDC or if you
were running a krb5-1.1.x KDC and are migrating to a krb5-1.2.x or newer
KDC. The process for upgrading a Master KDC involves the following
steps:
kdb5_util
's "dump" command:
shell% cd /usr/local/var/krb5kdc shell% kdb5_util dump old-kdb-dump shell% kdb5_util dump -ov old-kdb-dump.ov shell%
kdb5_util
's "load" command:
shell% cd /usr/local/var/krb5kdc shell% kdb5_util load old-kdb-dump shell% kdb5_util load -update old-kdb-dump.ov shell%
The "dump -ov" and "load -update" commands are necessary in order to preserve per-principal policy information, since the default dump format filters out that information. If you omit those steps, the loaded database database will lose the policy information for each principal that has a policy.
To update a Slave KDC, you must stop the old server processes on the Slave KDC, install the new server binaries, reload the most recent slave dump file, and re-start the server processes.