Re: Converting kaserver DB to Heimdal

[Love <lha@stacken.kth.se>]

Alf Wachsmann <alfw@SLAC.Stanford.EDU> writes:

> Hi,
>
> we are in the process of migrating from AFS' kaserver to Heimdal's KDC.
> In this process, we have converted our kaserver DB to the KDC format
> using the recipe from (e.g.)
> https://lists.openafs.org/pipermail/openafs-info/2002-May/004326.html
>
> While converting all our administration tools, we have discovered that
> the time a principal changed his/her/its password is _not_ carried over
> from the kaserver DB. This seems by design after looking at the
> hprop/hpropd source code.
>
> Is there a way of preserving this time stamp in the conversion?

So this might do it. The principal should be optional, but I don't know if
all code handles that. I don't have a kaserver setup, so it might be easier
for you to test then me.

Love


--- kdc/hprop.c	19 Sep 2003 00:16:11 -0000
+++ kdc/hprop.c	7 Oct 2003 18:56:50 -0000
@@ -397,6 +397,12 @@
 	    + 24 * 60 * 60 * ent->pw_expire;
     }
 
+    if(ntohl(ent->pw_change) != NEVERDATE && ntohl(ent->pw_change) != 0xffffffff) {
+	ALLOC(hdb.modified_by);
+	hdb.modified_by->time = ntohl(ent->pw_change);
+	hdb.modified_by->principal = NULL;
+    }
+
     ret = krb5_make_principal(pd->context, &hdb.created_by.principal,
 			      v4_realm,
 			      "kadmin",

PGP signature