freebsd-dev/crypto/heimdal/doc/migration.texi

44 lines
1.3 KiB
Plaintext
Raw Normal View History

2001-06-21 02:12:07 +00:00
@c $Id: migration.texi,v 1.3 2001/02/24 05:09:24 assar Exp $
2001-02-13 16:46:19 +00:00
2001-06-21 02:12:07 +00:00
@node Migration, Acknowledgments, Programming with Kerberos, Top
2001-02-13 16:46:19 +00:00
@chapter Migration
@section General issues
When migrating from a Kerberos 4 KDC.
@section Order in what to do things:
@itemize @bullet
@item Convert the database, check all principals that hprop complains
about.
@samp{hprop -n --source=<NNN>| hpropd -n}
Replace <NNN> with whatever source you have, like krb4-db or krb4-dump.
@item Run a Kerberos 5 slave for a while.
@c XXX Add you slave first to your kdc list in you kdc.
@item Figure out if it does everything you want it to.
Make sure that all things that you use works for you.
@item Let a small number of controlled users use Kerberos 5 tools.
Find a sample population of your users and check what programs they use,
you can also check the kdc-log to check what ticket are checked out.
@item Burn the bridge and change the master.
@item Let all users use the Kerberos 5 tools by default.
@item Turn off services that do not need Kerberos 4 authentication.
Things that might be hard to get away is old programs with support for
Kerberos 4. Example applications are old Eudora installations using
KPOP, and Zephyr. Eudora can use the Kerberos 4 kerberos in the Heimdal
kdc.
@end itemize