From 2c29719b23a4bd4e3e38ba53ccd8d78d61ac10bc Mon Sep 17 00:00:00 2001 From: Assar Westerlund Date: Sun, 28 Jan 2001 22:03:36 +0000 Subject: [PATCH] more text from lha@stacken.kth.se git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9545 ec53bebd-3082-4978-b11e-865c3cabbd6b --- doc/migration.texi | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/doc/migration.texi b/doc/migration.texi index 2ec598f23..4d2891857 100644 --- a/doc/migration.texi +++ b/doc/migration.texi @@ -3,3 +3,41 @@ @node Migration, Windows 2000 compatability, Kerberos 4 issues, Top @chapter Migration +@section General issues + +When migrating from a Kerberos 4 KDC. + +@section Order in what to do things: + +@itemize @bullet + +@item Convert the database, check all principals that hprop complains +about. + +@samp{hprop -n --source=| hpropd -n} + +Replace with whatever source you have, like krb4-db or krb4-dump. + +@item Run a Kerberos 5 slave for a while. + +@c XXX Add you slave first to your kdc list in you kdc. + +@item Figure out if it does everything you want it to. + +Make sure that all things that you use works for you. + +@item Let a small number of controlled users use Kerberos 5 tools. + +Find a sample population of your users and check what programs they use, +you can also check the kdc-log to check what ticket are checked out. + +@item Burn the bridge and change the master. +@item Let all users use the Kerberos 5 tools by default. +@item Turn off services that do not need Kerberos 4 authentication. + +Things that might be hard to get away is old programs with support for +Kerberos 4. Example applications are old Eudora installations using +KPOP, and Zephyr. Eudora can use the Kerberos 4 kerberos in the Heimdal +kdc. + +@end itemize
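Review bot: In the first @item, the command as shown, `@samp{hprop -n --source=| hpropd -n}`, has nothing after `--source=`, and the next sentence ("Replace with whatever source you have") names nothing to replace. Put an explicit placeholder in the sample, for instance `--source=@var{type}`, and refer to it by name in the sentence that lists krb4-db and krb4-dump, so the one command in this procedure can be used as written. Smaller points in the same hunk: the body of "@section General issues" is a sentence fragment ("When migrating from a Kerberos 4 KDC.") and should either say what the issues are or be dropped until there is text for it; the heading "Order in what to do things:" would read better without the trailing colon, for example "Order in which to do things"; and the XXX comment has "you" twice where "your" is meant. In the last @item, the paragraph under "Turn off services that do not need Kerberos 4 authentication" should say outright that Kerberos 4 support has to stay enabled in the KDC for as long as the KPOP and Zephyr clients it mentions remain, and could point back to the kdc-log check from the earlier item as the way to find them, since that is what decides when Kerberos 4 can finally be turned off.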