Date: Tue, 26 Aug 2025 06:28:50 -0700 From: Rick Macklem <rick.macklem@gmail.com> To: Alexander Leidinger <Alexander@leidinger.net> Cc: Kyle Evans <kevans@freebsd.org>, Gleb Smirnoff <glebius@freebsd.org>, freebsd-current@freebsd.org, src-committers@freebsd.org Subject: Re: August 2025 stabilization week Message-ID: <CAM5tNy42Xvj8M%2Bq4qDO35T31wWLO-2pC9H0_V0rVM2uZmSL2RA@mail.gmail.com> In-Reply-To: <1578a4eac5402d0496d8989e5258bc78@Leidinger.net> References: <aKwYB4d6l4ze-yXA@cell.glebi.us> <aKxcwqKqW3ZpA3Po@cell.glebi.us> <56dd78c6-a53a-4c4c-989a-335cc5fed405@FreeBSD.org> <CAM5tNy5sNv8z0zW2ZFt%2B9=ytUpjGVudsYbcSC2mQSudi3iWSfQ@mail.gmail.com> <CAM5tNy73KwR-DBqc28bqRPKqW7UqXN7RXYB=p-Za5Lsoy9jFcw@mail.gmail.com> <1578a4eac5402d0496d8989e5258bc78@Leidinger.net>
index | next in thread | previous in thread | raw e-mail
On Tue, Aug 26, 2025 at 2:34 AM Alexander Leidinger <Alexander@leidinger.net> wrote: > > Am 2025-08-26 06:25, schrieb Rick Macklem: > > On Mon, Aug 25, 2025 at 1:27 PM Rick Macklem <rick.macklem@gmail.com> > > wrote: > >> > >> On Mon, Aug 25, 2025 at 9:09 AM Kyle Evans <kevans@freebsd.org> wrote: > > >> > There is no yet an official way to migrate kdc > >> > > from Heimdal to MIT. > >> Yea. One possibility is to install Heimdal-7.8 from ports/packages and > >> then > >> use it to dump the KDC's database in MIT format. (Although Cy seemed > >> to > >> find it didn't work, doing this with the "--decrypt" option might > >> retain the > >> passwords.) > >> > >> I'll give this a try and report back if it worked for me. > > Well, I'm not having any luck. > > Every time I try and use Heimdal-7.8 to load the database from > > Heimdal-1.5.2, > > "kadmin -l" throws this error and exits. > > > > kadmin: rc4 8: EVP_CipherInit_ex einit > > > > I need the Heimdal-7.8 kadmin to work to try and convert the database > > to > > MIT format. > > > > So, does anyone know the trick to fixing this? rick > > I migrated a while ago... don't remember if this year or last year. And > I don't have my notes about this anymore. But I exported everything from > base-heimdal and imported into MIT. > A quick google gave mit this: > https://serverfault.com/questions/1000332/migrating-from-heimdal-to-mit-kerberos > This can be done with the base-heimdal + ports-heimdal + mit-krb. Yes. That was basically what I am trying to do. However, I cannot get the ports-heimdal to work, due to that rc4 related problem. (I've tried 15 and 14. Maybe I'll try 13?) Because there are several principals created when the MIT database is created, I think the last step might need "-update" ("kdb5_util load -update mit.dump"). rick > > Bye, > Alexander. > > -- > http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF > http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BFhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAM5tNy42Xvj8M%2Bq4qDO35T31wWLO-2pC9H0_V0rVM2uZmSL2RA>