Kerberos Server Version 3.1.2 Release Notes (5900-1856, July 2011)
Migrating from previous Kerberos Server versions to Kerberos Server v3.1.2
If you want to use the Kerberos server with LDAP as the backend database, migrate your existing
Kerberos server to Kerberos server v3.0.
Use the krb_2_ldap utility to migrate information of the previous version of the Kerberos server
to the LDAP database. The krb_2_ldap utility performs the following tasks, while migrating
information:
• Converts each entry of the version 2.0 or 3.0 dumpfile to ldif file entry. The new entries are
dumped into an LDIF file.
• Logs any log messages or errors and displays it in stdout format.
To migrate from Kerberos server v3.0 to v3.1.2:
1. Dump the database on the v3.0 server.
On the Kerberos server v3.0, dump the database with the default dump version. The dump
file must contain the default header, “kdb5_util load_dump version 5.0”.
# kdb_dump -f /opt/krb5/dumpfilev3.1.2
2. Use the krb_2_ldap utility to create the LDIF file.
# krb_2_ldap -d <dump filename> -l <ldif filename>
3. You must manually edit the LDIF file.
Uncomment the first two lines of the LDIF file. Replace the DN name and the changetype,
if necessary.
4. Load the LDIF file using the following command:
/opt/ldapux/bin/ldapmodify -d “cn=amathew” -w eso! -h <hostname> -p
<port number> -f <ldif filename>
On successful completion, the following message is displayed:
Load Successful
To migrate from the Kerberos Server Version 2.0 database to Version 3.0, dump the Version 2.0
database using the kdb_dump utility, and load this dump file into the Version 3.0 database using
the kdb_load utility.
NOTE: The Kerberos database formats of Versions 1.0 and 2.0 are not compatible with one
another. However, the Kerberos database formats of Versions 2.0, 3.0 and 3.1.2 are compatible
with one another.
For more information on migration, see Kerberos Server Version 3.1.1 Administrator’s Guide
(T1417-90009).
Kerberos Server version 3.1.2 benefits and features 7