[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Heimdal -> MIT K5 migration

To: Steve Langasek <vorlon@netexpress.net>
Subject: Re: Heimdal -> MIT K5 migration
From: Troy Benjegerdes <hozer@drgw.net>
Date: Mon, 17 Jun 2002 18:52:54 -0500
Cc: krbdev@MIT.EDU, "Kerberos, Heimdal" <heimdal-discuss@sics.se>
In-Reply-To: <20020617224738.GQ17454@netexpress.net>; from vorlon@netexpress.net on Mon, Jun 17, 2002 at 05:47:41PM -0500
References: <20020617172107.S400@altus.drgw.net> <20020617224738.GQ17454@netexpress.net>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Mutt/1.2.5i

On Mon, Jun 17, 2002 at 05:47:41PM -0500, Steve Langasek wrote:
> Hi Troy,
> 
> On Mon, Jun 17, 2002 at 05:21:07PM -0500, Troy Benjegerdes wrote:
> > I am evaluating whether to run Heimdal KDC's or MIT KDC's..
> 
> > It looks like migrating from a MIT KDC to heimdal is relatively easy (the 
> > heimdal hprop can take an MIT dump file)
> 
> > But what about the reverse? Is there any way to convert a Heimdal KDC to 
> > an MIT KDC?
> 
> > I am also interested in hearing anyone's suggestions about which K5 
> > implementation to use.
> 
> I'm sure you'll get other recommendations according to the preferences
> of each of the respondents.  Personally, though I admire how far the
> Heimdal team have come, I think it's hard to ignore the head start
> advantage the MIT implementation enjoys, and I've found it very easy to
> integrate with my Operating System of Choice.  Actually, it helps that
> my OS of Choice comes with packages hand-made by someone very close to
> MIT KRB5 development. <shrug>
> 
> Never having gone so far as to fully populate a Heimdal KDC with
> principals I wanted to keep, I have no idea what the migration path to
> an MIT KDC looks like.
> 
> Steve Langasek
> postmodern programmer

As near as I can tell, there isn't one, and even people that want to go 
MIT->Heimdal only show up every couple of months.

On another note, I currently have a MIT K5 (1.2.2) KDC, with lots of
active principals. Since OpenBSD (my OS choice for the a replace KDC
machine) has heimdal integrated, I am looking to see if I can convert the
KDC to heimdal easily. And once converted, I don't want to be stuck with 
heimdal.

I also seem to be having issues with the database master key. I am able to 
sucessfully get all the principals from the MIT KDC to the Heimdal KDC, 
but when using the heimdal KDC, none of the passwords worked.

I have tried with and without using the stash file from the MIT KDC 
(hprop's -m option). Is the stash file endian dependent?

-- 
Troy Benjegerdes | master of mispeeling | 'da hozer' |  hozer@drgw.net
-----"If this message isn't misspelled, I didn't write it" -- Me -----
"Why do musicians compose symphonies and poets write poems? They do it
because life wouldn't have any meaning for them if they didn't. That's 
why I draw cartoons. It's my life." -- Charles Schulz

References:
- Heimdal -> MIT K5 migration
  - From: Troy Benjegerdes <hozer@drgw.net>

Prev by Date: Heimdal -> MIT K5 migration
Next by Date: Re: openssl-0.9.6c krb4.1.1.1 libdes
Prev by thread: Heimdal -> MIT K5 migration
Next by thread: Configuration: ldap-database
Index(es):
- Date
- Thread