Kerberos upgrade

It's finally done, which means that the hardest part of the Kerberos project is done. Today, we switched our master realm from Kerberos v4 to Kerberos v5, which meant putting krb5-strength and krb5-sync into production, replacing our Kerberos v4 kadmind with a server that still handles examine, enable, and disable but proxies password changes to Kerberos v5, and replacing our kadmin remctl interface with kadmin-remctl. I also replaced the Help Desk password change client.

It all seems to have worked. Some of the systems (particularly the K4 authentication servers) are in a slightly weird state now, and lots of updated documentation needs to be written, but all the coordination, testing, and 27-step rollout is finished.

It's quite a relief. I'm now going to do as little as possible work-wise for the rest of the weekend, and then figure out what's next on the agenda.

Posted: 2007-08-11 17:56 — Why no comments?

Last spun 2013-07-01 from thread modified 2013-01-04