< Latest haul | Russ Allbery > Eagle's Path > August 2007 | Glory Road > |
It's finally done, which means that the hardest part of the Kerberos project is done. Today, we switched our master realm from Kerberos v4 to Kerberos v5, which meant putting krb5-strength and krb5-sync into production, replacing our Kerberos v4 kadmind with a server that still handles examine, enable, and disable but proxies password changes to Kerberos v5, and replacing our kadmin remctl interface with kadmin-remctl. I also replaced the Help Desk password change client.
It all seems to have worked. Some of the systems (particularly the K4 authentication servers) are in a slightly weird state now, and lots of updated documentation needs to be written, but all the coordination, testing, and 27-step rollout is finished.
It's quite a relief. I'm now going to do as little as possible work-wise for the rest of the weekend, and then figure out what's next on the agenda.
Posted: 2007-08-11 17:56 — Why no comments?
< Latest haul | Russ Allbery > Eagle's Path > August 2007 | Glory Road > |