
Re: upgrade to 7.1 and migrating users



I finally had time to look at migrating LDAP from squeeze to wheezy
again, and discovered a few problems with my initial approach.  The
script ldap-migrate-squeeze-wheezy in is now updated to handle more LDAP
object types (user, filegroups, netgroups, sudo roles, hosts), and also
includes a recipe to get the kerberos part of the users migrated between
servers.

The problem I discovered was that the krbPrincipalKey attribute is not
usable between kerberos servers, as it contains the user's password
encrypted with the server master key.  Without also copying the old
server's master key, the users are unable to log in.  See the usage
information in the script to see how to do this.  I am very grateful to
Russ Allbery and Sam Hartman, the kerberos maintainers in Debian, for
their clues on how to migrate kerberos users from the old to the new
server.

The script isn't well tested, but my initial testing tells me it should
work.  I hope it will work for you too. :)

-- 
Happy hacking
Petter Reinholdtsen

