Re: August 2025 stabilization week

On Tue, Aug 26, 2025 at 2:34 AM Alexander Leidinger
<Alexander@leidinger.net> wrote:
>
> Am 2025-08-26 06:25, schrieb Rick Macklem:
> > On Mon, Aug 25, 2025 at 1:27 PM Rick Macklem <rick.macklem@gmail.com>
> > wrote:
> >>
> >> On Mon, Aug 25, 2025 at 9:09 AM Kyle Evans <kevans@freebsd.org> wrote:
>
> >> >  There is no yet an official way to migrate kdc
> >> > > from Heimdal to MIT.
> >> Yea. One possibility is to install Heimdal-7.8 from ports/packages and
> >> then
> >> use it to dump the KDC's database in MIT format. (Although Cy seemed
> >> to
> >> find it didn't work, doing this with the "--decrypt" option might
> >> retain the
> >> passwords.)
> >>
> >> I'll give this a try and report back if it worked for me.
> > Well, I'm not having any luck.
> > Every time I try and use Heimdal-7.8 to load the database from
> > Heimdal-1.5.2,
> > "kadmin -l" throws this error and exits.
> >
> > kadmin: rc4 8: EVP_CipherInit_ex einit
> >
> > I need the Heimdal-7.8 kadmin to work to try and convert the database
> > to
> > MIT format.
> >
> > So, does anyone know the trick to fixing this? rick
>
> I migrated a while ago... don't remember if this year or last year. And
> I don't have my notes about this anymore. But I exported everything from
> base-heimdal and imported into MIT.
> A quick google gave mit this:
> https://serverfault.com/questions/1000332/migrating-from-heimdal-to-mit-kerberos
> This can be done with the base-heimdal + ports-heimdal + mit-krb.
Yes. That was basically what I am trying to do. However, I cannot get
the ports-heimdal
to work, due to that rc4 related problem. (I've tried 15 and 14. Maybe
I'll try 13?)

Because there are several principals created when the MIT database is created,
I think the last step might need "-update" ("kdb5_util load -update mit.dump").

rick

>
> Bye,
> Alexander.
>
> --
> http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF
> http://www.FreeBSD.org    netchild@FreeBSD.org  : PGP 0x8F31830F9F2772BF