upgrading kdc from 1.9 to 1.16, things to worry about?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

upgrading kdc from 1.9 to 1.16, things to worry about?

Chris Hecker
I need to update my kdc finally to get access to a couple new features, and
because duh.

My KDC uses the LDAP backend.

- I was not planning on updating slapd.
- I was going to back up and everything, of course.
- I assume I need to copy the latest kerberos.schema over. It looks like
it's just a superset of the old one.

Is there anything else I need to look out for you guys can think of when
doing this update?

I have some patches that add minor features I'll have to port once things
are up and running smoothly, and I'll finally contribute them back like
promised to this list and Greg 5 years ago.  Oops.

Chris
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

Re: upgrading kdc from 1.9 to 1.16, things to worry about?

Greg Hudson
[hidden email] is better for questions like this.  Your plan seems
sound, with the proviso that I'm not an expert on OpenLDAP (or whatever
LDAP server you're using; 389ds also works with krb5, and likely
others).  So if there are potential issues with updating the schema, I
wouldn't know about them.  The new schema is indeed a superset of the
old one, with optional attributes added.

On 12/09/2017 10:57 PM, Chris Hecker wrote:

> I need to update my kdc finally to get access to a couple new features, and
> because duh.
>
> My KDC uses the LDAP backend.
>
> - I was not planning on updating slapd.
> - I was going to back up and everything, of course.
> - I assume I need to copy the latest kerberos.schema over. It looks like
> it's just a superset of the old one.
>
> Is there anything else I need to look out for you guys can think of when
> doing this update?
>
> I have some patches that add minor features I'll have to port once things
> are up and running smoothly, and I'll finally contribute them back like
> promised to this list and Greg 5 years ago.  Oops.
>
> Chris
> _______________________________________________
> krbdev mailing list             [hidden email]
> https://mailman.mit.edu/mailman/listinfo/krbdev
>
_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev