System Administration Guide: Security Services

ProcedureHow to Convert a Kerberos Database After a Server Upgrade

If your KDC database was created on a server running the Solaris 8 or Solaris 9 release, converting the database allows you to take advantage of the improved database format.

Before You Begin

Make sure that the database is using an older format.

  1. On the master, stop the KDC daemons.

    kdc1 # svcadm disable network/security/krb5kdc
    kdc1 # svcadm disable network/security/kadmin
  2. Create a directory to store a temporary copy of the database.

    kdc1 # mkdir /var/krb5/tmp
    kdc1 # chmod 700 /var/krb5/tmp
  3. Dump the KDC database.

    kdc1 # kdb5_util dump /var/krb5/tmp/prdb.txt
  4. Save copies of the current database files.

    kdc1 # cd /var/krb5
    kdc1 # mv princ* tmp/
  5. Load the database.

    kdc1 # kdb5_util load /var/krb5/tmp/prdb.txt
  6. Start the KDC daemons.

    kdc1 # svcadm enable -r network/security/krb5kdc
    kdc1 # svcadm enable -r network/security/kadmin