Node:Introduction, Next:, Previous:Copyright, Up:Top


As with most software upgrades, Kerberos V5 is generally backward compatible but not necessarily forward compatible. The Kerberos V5 daemons can interoperate with Kerberos V4 clients, but most of the Kerberos V4 daemons can not interoperate with Kerberos V5 clients. This suggests the following strategy for performing the upgrade:

  1. Upgrade your KDCs. This must be done first, so that interactions with the Kerberos database, whether by Kerberos V5 clients or by Kerberos V4 clients, will succeed.
  2. Upgrade your servers. This must be done before upgrading client machines, so that the servers are able to respond to both Kerberos V5 and Kerberos V4 queries.
  3. Upgrade your client machines. Do this only after your KDCs and application servers are upgraded, so that all of your Kerberos V5 clients will be talking to Kerberos V5 daemons.