concerns with ldap plugin and 1.5 (lack of migration tool)

Paul B. Hill pbh at MIT.EDU
Tue Jun 6 10:15:04 EDT 2006 

Hi,

I realize this may be a somewhat moot point at the moment, however I don't
consider the lack of an existing migration tool to be a show stopper.

I fully expect that as the LDAP plugin matures a migration tool will become
available.

With such a new feature in the MIT Kerberos distribution I would hope that
system administrators with existing realms would be extremely cautious about
making such a migration. However, history has shown that someone, somewhere,
is likely to make a poor decision and rush a migration without sufficient
testing and planning. Hopefully our reputation would not be damaged in such
a situation but given the quality of some news stories I do see a potential
risk.

I'd actually prefer to see the initial LDAP plugin released without a
migration tool. I'd rather see people create independent test realms or
start a new realm from scratch in order to gain some deployed experience
before jumping into a migration. Again, I do expect that a migration tool
will appear in the future, although I am not an active member of the MIT
Kerberos team and am not involved in any resource planning for such
development.

Paul


-----Original Message-----
From: krbdev-bounces at MIT.EDU [mailto:krbdev-bounces at MIT.EDU] On Behalf Of
Nicolas Williams
Sent: Thursday, June 01, 2006 12:42 PM
To: Sam Hartman
Cc: MIT Kerberos Dev List
Subject: Re: concerns with ldap plugin and 1.5

On Thu, Jun 01, 2006 at 07:06:01AM -0400, Sam Hartman wrote:
>     Will> - How is an existing db2 KDB migrated to a LDAP/Directory
>     Will> based KDB?
> 
> We do not currently have a solution for this.

This is a problem.

Once again I suspect this says something about the genericity of the
SPI.  I suspect the solution will be a standalone program that knows the
db2 dump format and the LDAP schema and writes LDIF output.

_______________________________________________
krbdev mailing list             krbdev at mit.edu
https://mailman-mit-edu.ezproxyberklee.flo.org/mailman/listinfo/krbdev

More information about the krbdev mailing list