Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Migration
Step-wise Procedure For Migration
Chapter 3 47
Step 6. Load the new version of the dump file generated from Step 4.
Use the kdb_load tool to load the database from the dump file,
/opt/krb5/dumpfilev2.0.
# kdb_load -f /opt/krb5/dumpfilev2.0
On successful completion the following message is displayed:
“Load Successful”
The migration of the Principal information is now complete.
Given below are a few pointers that need to be considered:
• The principal information is migrated from version 1.0 to version 2.0.
• The policy related information exists in the /opt/krb5/polv2 file.
The system administrator needs to decide on the policies and add the
policies to the /opt/krb5/password.policy file.
• The admin_acl_file cannot be migrated. The system administrator
needs to be add the appropriate acls to the
/opt/krb5/admin_acl_file using the old admin_acl_file. Refer
to “admin_acl_file” on page 95, for more information.
• The log messages of Step 4 are logged in the file,
/tmp/kdb_migrate.log.
If there are any problems during loading the new version of the
dump file it needs to be diagnosed by the system administrator.
The log messages inform the failure ([ERR] message) and successful
migrations ([LOG] messages), et all.
If the system administrator wants to configure a new system to be the
Kerberos Server version 2.0 and wants to use the existing version
1.0 dump file, it can be accomplished by securely copying the dump file
onto a new system and by following Steps four to six, as discussed above.
The /ect/krb5.conf of the version 1.0 Server must be copied to the new
system. Also, the /var/adm/krb5/krb5kdc/kdc.conf has to be copied if
the master key principal name is not the default, K/M. If only the master
key principal name differs from the default, avoid copying the kdc.conf
by specifying the -M option while using the kdb_migrate tool, as
described in Step 4.