Re: upgrading kdc from 1.9 to 1.16, things to worry about?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: upgrading kdc from 1.9 to 1.16, things to worry about?

Chris Hecker
Ok, moving this over to the main list...

Anybody else have any thoughts on the update below?

Thanks,
Chris


On Mon, Dec 11, 2017 at 11:11 Greg Hudson <[hidden email]> wrote:

> [hidden email] is better for questions like this.  Your plan seems
> sound, with the proviso that I'm not an expert on OpenLDAP (or whatever
> LDAP server you're using; 389ds also works with krb5, and likely
> others).  So if there are potential issues with updating the schema, I
> wouldn't know about them.  The new schema is indeed a superset of the
> old one, with optional attributes added.
>
> On 12/09/2017 10:57 PM, Chris Hecker wrote:
> > I need to update my kdc finally to get access to a couple new features,
> and
> > because duh.
> >
> > My KDC uses the LDAP backend.
> >
> > - I was not planning on updating slapd.
> > - I was going to back up and everything, of course.
> > - I assume I need to copy the latest kerberos.schema over. It looks like
> > it's just a superset of the old one.
> >
> > Is there anything else I need to look out for you guys can think of when
> > doing this update?
> >
> > I have some patches that add minor features I'll have to port once things
> > are up and running smoothly, and I'll finally contribute them back like
> > promised to this list and Greg 5 years ago.  Oops.
> >
> > Chris
> > _______________________________________________
> > krbdev mailing list             [hidden email]
> > https://mailman.mit.edu/mailman/listinfo/krbdev
> >
>
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: upgrading kdc from 1.9 to 1.16, things to worry about?

Todd Grayson
What OS distro are you working over for the KDC hosts., the schema is no
longer present in current distro specific packaging for openLDAP (that I
can find).

On Mon, Dec 11, 2017 at 12:50 PM, Chris Hecker <[hidden email]> wrote:

> Ok, moving this over to the main list...
>
> Anybody else have any thoughts on the update below?
>
> Thanks,
> Chris
>
>
> On Mon, Dec 11, 2017 at 11:11 Greg Hudson <[hidden email]> wrote:
>
> > [hidden email] is better for questions like this.  Your plan seems
> > sound, with the proviso that I'm not an expert on OpenLDAP (or whatever
> > LDAP server you're using; 389ds also works with krb5, and likely
> > others).  So if there are potential issues with updating the schema, I
> > wouldn't know about them.  The new schema is indeed a superset of the
> > old one, with optional attributes added.
> >
> > On 12/09/2017 10:57 PM, Chris Hecker wrote:
> > > I need to update my kdc finally to get access to a couple new features,
> > and
> > > because duh.
> > >
> > > My KDC uses the LDAP backend.
> > >
> > > - I was not planning on updating slapd.
> > > - I was going to back up and everything, of course.
> > > - I assume I need to copy the latest kerberos.schema over. It looks
> like
> > > it's just a superset of the old one.
> > >
> > > Is there anything else I need to look out for you guys can think of
> when
> > > doing this update?
> > >
> > > I have some patches that add minor features I'll have to port once
> things
> > > are up and running smoothly, and I'll finally contribute them back like
> > > promised to this list and Greg 5 years ago.  Oops.
> > >
> > > Chris
> > > _______________________________________________
> > > krbdev mailing list             [hidden email]
> > > https://mailman.mit.edu/mailman/listinfo/krbdev
> > >
> >
> ________________________________________________
> Kerberos mailing list           [hidden email]
> https://mailman.mit.edu/mailman/listinfo/kerberos
>



--
Todd Grayson
Business Operations Manager
Customer Operations Engineering
Security SME
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos
Reply | Threaded
Open this post in threaded view
|

Re: upgrading kdc from 1.9 to 1.16, things to worry about?

Chris Hecker
This is a centos5 x86 machine.  I've got the schema that came with openldap
and the new one in krb5-1.16

Chris


On Mon, Dec 11, 2017 at 16:12 Todd Grayson <[hidden email]> wrote:

> What OS distro are you working over for the KDC hosts., the schema is no
> longer present in current distro specific packaging for openLDAP (that I
> can find).
>
> On Mon, Dec 11, 2017 at 12:50 PM, Chris Hecker <[hidden email]> wrote:
>
>> Ok, moving this over to the main list...
>>
>> Anybody else have any thoughts on the update below?
>>
>> Thanks,
>> Chris
>>
>>
>> On Mon, Dec 11, 2017 at 11:11 Greg Hudson <[hidden email]> wrote:
>>
>> > [hidden email] is better for questions like this.  Your plan seems
>> > sound, with the proviso that I'm not an expert on OpenLDAP (or whatever
>> > LDAP server you're using; 389ds also works with krb5, and likely
>> > others).  So if there are potential issues with updating the schema, I
>> > wouldn't know about them.  The new schema is indeed a superset of the
>> > old one, with optional attributes added.
>> >
>> > On 12/09/2017 10:57 PM, Chris Hecker wrote:
>> > > I need to update my kdc finally to get access to a couple new
>> features,
>> > and
>> > > because duh.
>> > >
>> > > My KDC uses the LDAP backend.
>> > >
>> > > - I was not planning on updating slapd.
>> > > - I was going to back up and everything, of course.
>> > > - I assume I need to copy the latest kerberos.schema over. It looks
>> like
>> > > it's just a superset of the old one.
>> > >
>> > > Is there anything else I need to look out for you guys can think of
>> when
>> > > doing this update?
>> > >
>> > > I have some patches that add minor features I'll have to port once
>> things
>> > > are up and running smoothly, and I'll finally contribute them back
>> like
>> > > promised to this list and Greg 5 years ago.  Oops.
>> > >
>> > > Chris
>> > > _______________________________________________
>> > > krbdev mailing list             [hidden email]
>> > > https://mailman.mit.edu/mailman/listinfo/krbdev
>> > >
>> >
>>
> ________________________________________________
>> Kerberos mailing list           [hidden email]
>> https://mailman.mit.edu/mailman/listinfo/kerberos
>>
>
>
>
> --
> Todd Grayson
> Business Operations Manager
> Customer Operations Engineering
> Security SME
>
>
________________________________________________
Kerberos mailing list           [hidden email]
https://mailman.mit.edu/mailman/listinfo/kerberos