We are upgrading our infra to 1.13.2 and I noticed that kpropd fails when receiving a full sync.
We are upgrading the slaves first and the master last. It seems that the 1.8.2 dump file claims to be ipropx, but it still only has the old-style policy records and that makes the 1.13.2 kpropd’s resync fail when kdb5_util is loading the kdb. I’ve got a temporary work-around in place for our first batch of slaves: a wrapper around kdb5_util that appropriately munges the policy records in the ‘from_master’ file. We can keep this in place for the next few weeks while we upgrade the rest of the KDCs. Once the master is upgraded, we can get rid of the script and let the real kdb5_util do its thing. Are there any other possible work-arounds that don’t involve recompiling? jd ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos