1da1b74438
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9718 ec53bebd-3082-4978-b11e-865c3cabbd6b
44 lines
1.2 KiB
Plaintext
44 lines
1.2 KiB
Plaintext
@c $Id$
|
|
|
|
@node Migration, Acknowledgments, Programming with Kerberos, Top
|
|
@chapter Migration
|
|
|
|
@section General issues
|
|
|
|
When migrating from a Kerberos 4 KDC.
|
|
|
|
@section Order in what to do things:
|
|
|
|
@itemize @bullet
|
|
|
|
@item Convert the database, check all principals that hprop complains
|
|
about.
|
|
|
|
@samp{hprop -n --source=<NNN>| hpropd -n}
|
|
|
|
Replace <NNN> with whatever source you have, like krb4-db or krb4-dump.
|
|
|
|
@item Run a Kerberos 5 slave for a while.
|
|
|
|
@c XXX Add you slave first to your kdc list in you kdc.
|
|
|
|
@item Figure out if it does everything you want it to.
|
|
|
|
Make sure that all things that you use works for you.
|
|
|
|
@item Let a small number of controlled users use Kerberos 5 tools.
|
|
|
|
Find a sample population of your users and check what programs they use,
|
|
you can also check the kdc-log to check what ticket are checked out.
|
|
|
|
@item Burn the bridge and change the master.
|
|
@item Let all users use the Kerberos 5 tools by default.
|
|
@item Turn off services that do not need Kerberos 4 authentication.
|
|
|
|
Things that might be hard to get away is old programs with support for
|
|
Kerberos 4. Example applications are old Eudora installations using
|
|
KPOP, and Zephyr. Eudora can use the Kerberos 4 kerberos in the Heimdal
|
|
kdc.
|
|
|
|
@end itemize
|