From nobody Tue Aug 26 15:13:26 2025 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cBB5912SDz65hy4 for ; Tue, 26 Aug 2025 15:13:49 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "WR4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cBB5800BSz3Xjk; Tue, 26 Aug 2025 15:13:47 +0000 (UTC) (envelope-from rick.macklem@gmail.com) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20230601 header.b=Oq1tfN3z; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of rick.macklem@gmail.com designates 2a00:1450:4864:20::532 as permitted sender) smtp.mailfrom=rick.macklem@gmail.com Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-61a8c134609so7188872a12.3; Tue, 26 Aug 2025 08:13:47 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1756221222; x=1756826022; darn=freebsd.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=aHawaz4q0r7t3jd+/KHWqUjAP5gsUjllF7GIxbRAUWU=; b=Oq1tfN3z3ElLnjt2Fqndq2SmxhoA4YQ9FSx+nZx3uC6ejIAlieFEGSf3g25gspGU5J 5mFK8BhfwDCxbTIqJdK/J9lfBq5OwwwZacFpZFgPDSEbG70IxWQ5W2WFt8F8QhlO0gKt +nbCnEbLa1t1sQ+iFTlfSls9FTLKAHhnINZFJWWoWSK3rX/OCpNR9wJQ4vCFKekzukzr YKuWa3jeclm4uvisk1qbm9mYkPKqjTbLLann8XhExK7T+mF71dY9XitB6h04QwtiSVYF 7X/Tc0nztrHDYbhCKWBlbmEIMZ/hLc2VT8d9/gWw3zLQYv1wLcRN6/i6iz2KxEmBjw0u YD/w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1756221222; x=1756826022; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=aHawaz4q0r7t3jd+/KHWqUjAP5gsUjllF7GIxbRAUWU=; b=ShugRM486dTEfiBXhODRWcp4mT8H7TkgITzVeuEjl1rOiky+/dgllYfWumqE8yWlO3 j4Y78N4TbFKncjzHDULKHFO/KFs5cgC7VpZjHPDIA0YgI3O/bbB1VuznVqOr59KULoX4 jFyAaPdRbQFCyAX+7oPBwMuTr5BK5ARyXtWR3YippErLa6DLFxu5J6W75gvrWsWUax+H r4LYHB5AnNwq9eLQsVeCGzVLmap3Y8F8Donm1OanaOSeaDw9i90S85+PKwM74A+g6Mig Zt5NQhEhMpeMrOmFNotH4F+M/BU7tP0QMtWL+yupCr3dVscQMZ8cZ51lUbpHhIUdABgk ykGA== X-Forwarded-Encrypted: i=1; AJvYcCU/HbpfJCOn1EyWAAsz7U8rZnbat9z8X/cF3cCYPkPpKpWGC1p+wRCqjcZJoYS6dAYnI4aI/iZLXp0m6vHCdx0=@freebsd.org, AJvYcCVHe1ixKxB1fAvFzaOTH8vBD4J16peLj1tUm1iOJZYoUGiek09oo6nhia/1QGGDvHe5HN72Escaaw==@freebsd.org, AJvYcCXT+RC89DqXPEi2JdOq+l5jsWbcXEu6qeYONHNjV6xB5GPmZIXM0ZrNwyOuk7DLnFI/SBaMcJMz9oGtlA+APGQ=@freebsd.org X-Gm-Message-State: AOJu0Yw0QN+X0UuiIPKxn4Fa4sWAZjHbxvtyWOlzCMizCmC8dY1sbe0I SlbC20f5XP8n5zwbEi7rxs2KhKHit9CLZHpmfpcyh5Q5t3RJcG4YwNbz3Pm3IRhvGQWUxkRoXuW GCTj42uSjNtOxHWOzhglQWR7M82mcSQ== X-Gm-Gg: ASbGnctykRQcsMF0OfUkib43aR4KQr/261TIxleEwSgM5WKKRA4sXi0JeedamQS9BbA B1vRzxWJNkcTY6ii/E6qhTx+iXSrqWqeAtYa0WqLfDuA+CxeeXRkcSUWGWtCyPu6C24ORyVpNb6 cVQ1LiJX0yYQSPBwHUOn6sqPDQiwDECbPWW6M3PWgfWRUjv8AhoBBtf5hT+yNV5XqfT59nt72vF jWq1NmJTE7emtHkdoEgAgdt3+daXDUXfXrFop0= X-Google-Smtp-Source: AGHT+IFU8CzQ4mzLA3F0U0iNq6CtXiIgSks1ZjJks3Gv+Rq+jgq3/RwWhydkk7LQI151GelClhp7C022+RTwBB25QQE= X-Received: by 2002:a05:6402:5189:b0:61c:5379:4265 with SMTP id 4fb4d7f45d1cf-61c53794504mr6731765a12.1.1756221221313; Tue, 26 Aug 2025 08:13:41 -0700 (PDT) List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 References: <56dd78c6-a53a-4c4c-989a-335cc5fed405@FreeBSD.org> <1578a4eac5402d0496d8989e5258bc78@Leidinger.net> In-Reply-To: From: Rick Macklem Date: Tue, 26 Aug 2025 08:13:26 -0700 X-Gm-Features: Ac12FXz-9Frl93GCaqE6FzftVMRRQTT9udKz_yLGjDMU9iDX8CEokE6OKZmO1rU Message-ID: Subject: Re: August 2025 stabilization week To: Alexander Leidinger Cc: Kyle Evans , Gleb Smirnoff , freebsd-current@freebsd.org, src-committers@freebsd.org Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.97 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.97)[-0.966]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20230601]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c]; MIME_GOOD(-0.10)[text/plain]; RCVD_TLS_LAST(0.00)[]; ARC_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_HAS_DN(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; TO_DN_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::532:from]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; TAGGED_FROM(0.00)[]; MISSING_XM_UA(0.00)[]; RCPT_COUNT_FIVE(0.00)[5]; TO_MATCH_ENVRCPT_SOME(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; MID_RHS_MATCH_FROMTLD(0.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; MLMMJ_DEST(0.00)[freebsd-current@freebsd.org]; RCVD_COUNT_ONE(0.00)[1]; FREEMAIL_ENVFROM(0.00)[gmail.com] X-Rspamd-Queue-Id: 4cBB5800BSz3Xjk On Tue, Aug 26, 2025 at 6:28=E2=80=AFAM Rick Macklem wrote: > > On Tue, Aug 26, 2025 at 2:34=E2=80=AFAM Alexander Leidinger > wrote: > > > > Am 2025-08-26 06:25, schrieb Rick Macklem: > > > On Mon, Aug 25, 2025 at 1:27=E2=80=AFPM Rick Macklem > > > wrote: > > >> > > >> On Mon, Aug 25, 2025 at 9:09=E2=80=AFAM Kyle Evans wrote: > > > > >> > There is no yet an official way to migrate kdc > > >> > > from Heimdal to MIT. > > >> Yea. One possibility is to install Heimdal-7.8 from ports/packages a= nd > > >> then > > >> use it to dump the KDC's database in MIT format. (Although Cy seemed > > >> to > > >> find it didn't work, doing this with the "--decrypt" option might > > >> retain the > > >> passwords.) > > >> > > >> I'll give this a try and report back if it worked for me. > > > Well, I'm not having any luck. > > > Every time I try and use Heimdal-7.8 to load the database from > > > Heimdal-1.5.2, > > > "kadmin -l" throws this error and exits. > > > > > > kadmin: rc4 8: EVP_CipherInit_ex einit > > > > > > I need the Heimdal-7.8 kadmin to work to try and convert the database > > > to > > > MIT format. > > > > > > So, does anyone know the trick to fixing this? rick > > > > I migrated a while ago... don't remember if this year or last year. And > > I don't have my notes about this anymore. But I exported everything fro= m > > base-heimdal and imported into MIT. > > A quick google gave mit this: > > https://serverfault.com/questions/1000332/migrating-from-heimdal-to-mit= -kerberos > > This can be done with the base-heimdal + ports-heimdal + mit-krb. > Yes. That was basically what I am trying to do. However, I cannot get > the ports-heimdal > to work, due to that rc4 related problem. (I've tried 15 and 14. Maybe > I'll try 13?) Ok. If you install FreeBSD-13.5 and then "pkg install heimdal", you get a working Heimdal-7.8 in ports. Now, I have another challenge. Fixing the master passwords. I'll work on it later to-day. rick > > Because there are several principals created when the MIT database is cre= ated, > I think the last step might need "-update" ("kdb5_util load -update mit.d= ump"). > > rick > > > > > Bye, > > Alexander. > > > > -- > > http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772B= F > > http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772B= F