Thanks again, Jason. I got the point 2nd time around :) Tareq On May 12, 2012, at 10:45 AM, Jason Edgecombe wrote:
> (replying back to list) > > Propagation wouldn't be any different than a dump and reload. Just point your > clients at the test server for testing. This also helps to test how well the > old principals will migrate to the new version. > > Jason > > On 05/11/2012 07:04 PM, Tareq Alrashid wrote: >> Thank you, Jason. >> >> I forgot to mention, that PRODKRB.REALM.EDU production realm is at v5-1.6.3. >> Need to setup a new KRBDEV.REALM.EDU to test and upgrade everything to >> v5.1.10.1. >> And also upgrade away from DES to latest/strongest enctypes. >> >> I have done a manual simple dump/load into new dev realm, and of course all >> principals are >> added with [email protected] into the KRBDEV.REALM.EDU. >> So not sure how propagation would be any different. >> >> Thanks, >> Tareq >> >> On May 11, 2012, at 6:26 PM, Jason Edgecombe wrote: >> >>> On 05/11/2012 01:44 PM, Tareq Alrashid wrote: >>>> Greetings, >>>> >>>> The production Kerberos realm is decades old. Never had a “real” >>>> test/development realm until now. Don’t ask! >>>> >>>> How to best create or mirror an existing realm of all principals and all >>>> their information, except its under a new realm for testing of all that is >>>> to be implemented in the future? >>>> >>>> My thinking with what I know its not possible considering how everything >>>> is meshed in a combination of realm/passwords/salts…etc. >>>> >>>> But I ask just in case I am missing something. >>>> >>>> Insights? >>>> >>> Set up a test server as a slave of the prod server, then enable kadmin so >>> that it acts like a master. You can trigger kprop by hand to sync prod to >>> dev when you want. >>> >>> You might not want an entire test realm, just a devel/test copy of the >>> production realm. I deploy changes to my slave KDC's and point for clients >>> at it for testing. After I'm satisfied, I roll out to production. >>> >>> Jason >> > ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
