[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: need more explanation on krb4->krb5 conversion

To: heimdal-discuss@sics.se
Subject: Re: need more explanation on krb4->krb5 conversion
From: David Komanek <xdavid@lib-eth.natur.cuni.cz>
Date: Wed, 1 Oct 2003 10:33:13 +0200 (CEST)
In-Reply-To: <Pine.OSF.4.51.0310010849500.271815@tao.natur.cuni.cz>
References: <Pine.OSF.4.58.0309301648040.198353@lib-eth.natur.cuni.cz><Pine.OSF.4.51.0309301754480.115349@tao.natur.cuni.cz><amad8mceaa.fsf@nutcracker.stacken.kth.se> <Pine.OSF.4.58.0310010701560.197780@lib-eth.natur.cuni.cz><Pine.OSF.4.51.0310010849500.271815@tao.natur.cuni.cz>
Sender: owner-heimdal-discuss@sics.se


Well, it seems I got it working, but with a method far away from the one
suggested in manpage :-) It is still a bit complicated, so it will require
further "research", but working:

1. dump of the krb4 database with kdb_util
2. dump of the "default" heimdal database with kadmin -l
3. /usr/local/heimdal/libexec/hprop -n -k /etc/krb5.keytab --source=krb4-dump -d /usr/local/heimdal/libexec/hprop -n -k /etc/krb5.keytab --source=krb4-dump -d
   where /etc/krb5.keytab contains hprop/`hostname` keys
4. merge of the converted database with file from (2) via kadmin

The special thing for me is the use of "-D" in the (3) which seems to
cause conversion des-cbc-sha1 keys of old krb4 database entries to
des-cbc-md5.

Now I am going to study incremental updates to simplify the task.

Thank you all for the help.


David Komanek

References:
- Re: need more explanation on krb4->krb5 conversion
  - From: David Komanek <xdavid@lib-eth.natur.cuni.cz>
- Re: need more explanation on krb4->krb5 conversion
  - From: Martin MOKREJŠ <mmokrejs@natur.cuni.cz>

Prev by Date: Re: need more explanation on krb4->krb5 conversion
Next by Date: Questions on kpam-20031001
Prev by thread: Re: need more explanation on krb4->krb5 conversion
Next by thread: Re: need more explanation on krb4->krb5 conversion
Index(es):
- Date
- Thread