(replying back to list) Propagation wouldn't be any different than a dump and reload. Just point your clients at the test server for testing. This also helps to test how well the old principals will migrate to the new version.
Jason On 05/11/2012 07:04 PM, Tareq Alrashid wrote: > Thank you, Jason. > > I forgot to mention, that PRODKRB.REALM.EDU production realm is at v5-1.6.3. > Need to setup a new KRBDEV.REALM.EDU to test and upgrade everything to > v5.1.10.1. > And also upgrade away from DES to latest/strongest enctypes. > > I have done a manual simple dump/load into new dev realm, and of course all > principals are > added with [email protected] into the KRBDEV.REALM.EDU. > So not sure how propagation would be any different. > > Thanks, > Tareq > > On May 11, 2012, at 6:26 PM, Jason Edgecombe wrote: > >> On 05/11/2012 01:44 PM, Tareq Alrashid wrote: >>> Greetings, >>> >>> The production Kerberos realm is decades old. Never had a “real” >>> test/development realm until now. Don’t ask! >>> >>> How to best create or mirror an existing realm of all principals and all >>> their information, except its under a new realm for testing of all that is >>> to be implemented in the future? >>> >>> My thinking with what I know its not possible considering how everything is >>> meshed in a combination of realm/passwords/salts…etc. >>> >>> But I ask just in case I am missing something. >>> >>> Insights? >>> >> Set up a test server as a slave of the prod server, then enable kadmin so >> that it acts like a master. You can trigger kprop by hand to sync prod to >> dev when you want. >> >> You might not want an entire test realm, just a devel/test copy of the >> production realm. I deploy changes to my slave KDC's and point for clients >> at it for testing. After I'm satisfied, I roll out to production. >> >> Jason > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
