Date: Tue, 26 Aug 2025 08:13:26 -0700 From: Rick Macklem <rick.macklem@gmail.com> To: Alexander Leidinger <Alexander@leidinger.net> Cc: Kyle Evans <kevans@freebsd.org>, Gleb Smirnoff <glebius@freebsd.org>, freebsd-current@freebsd.org, src-committers@freebsd.org Subject: Re: August 2025 stabilization week Message-ID: <CAM5tNy5m8tEaivQdC4G-=VNpf3ng6JcdpeJKvxA8oM==OdbMUw@mail.gmail.com> In-Reply-To: <CAM5tNy42Xvj8M%2Bq4qDO35T31wWLO-2pC9H0_V0rVM2uZmSL2RA@mail.gmail.com> References: <aKwYB4d6l4ze-yXA@cell.glebi.us> <aKxcwqKqW3ZpA3Po@cell.glebi.us> <56dd78c6-a53a-4c4c-989a-335cc5fed405@FreeBSD.org> <CAM5tNy5sNv8z0zW2ZFt%2B9=ytUpjGVudsYbcSC2mQSudi3iWSfQ@mail.gmail.com> <CAM5tNy73KwR-DBqc28bqRPKqW7UqXN7RXYB=p-Za5Lsoy9jFcw@mail.gmail.com> <1578a4eac5402d0496d8989e5258bc78@Leidinger.net> <CAM5tNy42Xvj8M%2Bq4qDO35T31wWLO-2pC9H0_V0rVM2uZmSL2RA@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail
On Tue, Aug 26, 2025 at 6:28 AM Rick Macklem <rick.macklem@gmail.com> wrote: > > On Tue, Aug 26, 2025 at 2:34 AM Alexander Leidinger > <Alexander@leidinger.net> wrote: > > > > Am 2025-08-26 06:25, schrieb Rick Macklem: > > > On Mon, Aug 25, 2025 at 1:27 PM Rick Macklem <rick.macklem@gmail.com> > > > wrote: > > >> > > >> On Mon, Aug 25, 2025 at 9:09 AM Kyle Evans <kevans@freebsd.org> wrote: > > > > >> > There is no yet an official way to migrate kdc > > >> > > from Heimdal to MIT. > > >> Yea. One possibility is to install Heimdal-7.8 from ports/packages and > > >> then > > >> use it to dump the KDC's database in MIT format. (Although Cy seemed > > >> to > > >> find it didn't work, doing this with the "--decrypt" option might > > >> retain the > > >> passwords.) > > >> > > >> I'll give this a try and report back if it worked for me. > > > Well, I'm not having any luck. > > > Every time I try and use Heimdal-7.8 to load the database from > > > Heimdal-1.5.2, > > > "kadmin -l" throws this error and exits. > > > > > > kadmin: rc4 8: EVP_CipherInit_ex einit > > > > > > I need the Heimdal-7.8 kadmin to work to try and convert the database > > > to > > > MIT format. > > > > > > So, does anyone know the trick to fixing this? rick > > > > I migrated a while ago... don't remember if this year or last year. And > > I don't have my notes about this anymore. But I exported everything from > > base-heimdal and imported into MIT. > > A quick google gave mit this: > > https://serverfault.com/questions/1000332/migrating-from-heimdal-to-mit-kerberos > > This can be done with the base-heimdal + ports-heimdal + mit-krb. > Yes. That was basically what I am trying to do. However, I cannot get > the ports-heimdal > to work, due to that rc4 related problem. (I've tried 15 and 14. Maybe > I'll try 13?) Ok. If you install FreeBSD-13.5 and then "pkg install heimdal", you get a working Heimdal-7.8 in ports. Now, I have another challenge. Fixing the master passwords. I'll work on it later to-day. rick > > Because there are several principals created when the MIT database is created, > I think the last step might need "-update" ("kdb5_util load -update mit.dump"). > > rick > > > > > Bye, > > Alexander. > > > > -- > > http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF > > http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BFhome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAM5tNy5m8tEaivQdC4G-=VNpf3ng6JcdpeJKvxA8oM==OdbMUw>