Ticket History #8220: Document KDC upgrade procedures

# Wed Feb 13 11:12:42 2013 John Devitofranceschi <jdvf@optonline.net> - Ticket #7568: - Ticket created

Date:	Wed, 13 Feb 2013 08:04:30 -0500
From:	John Devitofranceschi <jdvf@optonline.net>
Subject:	Documentation__Installing KDCs
To:	krb5-bugs@mit.edu

Download (untitled) / with headers
text/plain 293B

The documentation site is really nice.

It seems to be lacking any statement, however, about upgrading a Kerberos infrastructure..

What approach is recommended? Upgrading slaves first? Big bang? What kind of backward compatibility assurances can be assumed?

Thanks for your attention!

jd

# Mon Jul 20 11:27:14 2015 ghudson@mit.edu (Greg Hudson) - Ticket created

Subject:

Document KDC upgrade procedures

Download (untitled) / with headers
text/plain 835B

Prior to the RST conversion, we had a brief section on upgrading the
KDC (added for ticket #119). It talked about doing a dump and load,
which hasn't been necessary for any release since 1.1, and didn't
talk about multi-KDC environments. We don't appear to have any KDC
upgrade documentation now. We should write some, as we periodically
get questions about how to do it.

Some considerations for when we write it:

* Slave KDCs should generally be upgraded before the master KDC, to
ensure that they can process the dump files generated by the master
(especially when using iprop; there is a workaround for traditional
kprop). This order also limits the impact of any problems resulting
from the upgrade.

* Ticket #8213 should be considered when upgrading to affected
versions in a realm using incremental propagation.

# Mon Jul 20 11:27:31 2015 ghudson@mit.edu (Greg Hudson) - Ticket 8220 RefersTo ticket 119.

# Mon Jul 20 11:27:31 2015 ghudson@mit.edu (Greg Hudson) - Ticket 8220 RefersTo ticket 8213.

# Wed Sep 09 23:53:55 2015 tlyu (Taylor Yu) - Ticket #7568: - Ticket 7568 MergedInto ticket 8220.