Re: RFC: Heimdal FreeBSD KDC users

Hi,

I am in an opposite camp.

I tried to make NFSv4 server on FreeBSD to auth users against Red Hat IDM (or FreeIPA) but failed to do so over multiple tries.

After I heard that Heimdal will be exchanged into MIT I was more then happy.

I currently wait till all that Heimdal -> MIT Kerberos change finish - so I can try again.

Hope that helps.

Regards,
vermaden



Temat: RFC: Heimdal FreeBSD KDC users
Data: 2025-10-05 22:58
Nadawca: "Rick Macklem" <rick.macklem@gmail.com>
Adresat: "FreeBSD-STABLE Mailing List" <freebsd-stable@freebsd.org>; "Gleb Smirnoff" <glebius@freebsd.org>; "Cy Schubert" <cy@freebsd.org>; 

> Hi,
> 
> I am posting to try and find out how many users
> are currently using the old Heimdal 1.5 KDC in
> FreeBSD 14.n and are interested in using the
> same KDC database in FreeBSD 15.
> 
> I am asking because I just made a commit to
> main (which will soon be in stable/15) which
> adds support to the Heimdal code for doing
> a database dump in an MIT compatible format.
> --> The problem is that it will require a
>       make buildworld, make installworld from
>       sources with WITHOUT_MITKRB5="yes"
>       set in /etc/src.conf, followed by an (re)upgrade
>       with the default MIT Kerberos setting.
>       (ie. no WITHOUT_MITKRB5="yes")
> 
> Because the patch is rather large (commit 5000d023a446
> in main) and a lot of it was a couple of cherry-picks
> from Heimdal 7.8, I cannot easily audit it for any
> security vulnerability it might have introduced.
> As such, I am not comfortable MFC'ng it to stable/14,
> although that would make the conversion path easier.
> 
> So, who out there needs this Heimdal->MIT KDC
> database conversion?
> 
> Thanks for any info, rick