Node:Upgrading KDCs, Next:, Previous:Configuration Files, Up:Top



Upgrading KDCs

To convert your KDCs from Kerberos V4 to Kerberos V5, do the following:

  1. Install Kerberos V5 on each KDC, according to the instructions in the Kerberos V5 Installation Guide, up to the point where it tells you to create the database.
  2. Find the kadmind (V4) daemon process on the master KDC and kill it. This will prevent changes to the Kerberos database while you convert the database to the new Kerberos V5 format.
  3. Create a dump of the V4 database in the directory where your V5 database will reside by issuing the command:
              % kdb_util dump /usr/local/var/krb5kdc/v4-dump
              
  4. Load the V4 dump into a Kerberos V5 database, by issuing the command:
              % kdb5_util load_v4 v4-dump
              
  5. Create a Kerberos V5 stash file, if desired, by issuing the command:
              % kdb5_util stash
              
  6. Proceed with the rest of the Kerberos V5 installation as described in the Kerberos V5 Installation Guide. When you get to the section that tells you to start the krb5kdc and kadmind daemons, first find and kill the Kerberos V4 kerberos daemon on each of the KDCs. Then start the krb5kdc and kadmind daemons as You will need to specify an argument to the -4 command line option to enable Kerberos 4 compatibility. See the krb5kdc man page for details. directed. Finally, start the Kerberos V5 to V4 ticket translator daemon, krb524d, by issuing the command:
              % /usr/local/sbin/krb524d -m > /dev/null &
              

    If you have a stash file and you start the krb5kdc and kadmind daemons at boot time, you should add the above line to your /etc/rc (or /etc/rc.local) file on each KDC.