Re: RFC: Heimdal FreeBSD KDC users

From: Rick Macklem <rick.macklem_at_gmail.com>
Date: Sun, 05 Oct 2025 21:40:28 UTC

On Sun, Oct 5, 2025 at 2:05 PM vermaden <vermaden@interia.pl> wrote:
>
> Hi,
>
> I am in the opposite camp.
>
> I tried to make an NFSv4 server on FreeBSD authenticate users against Red Hat IDM (or FreeIPA) but failed to do so over multiple tries.
>
> After I heard that Heimdal will be exchanged for MIT I was more than happy.
>
> I am currently waiting till all of that Heimdal -> MIT Kerberos change finishes, so I can try again.
Although it's a little dated, there might be some useful stuff here:
https://people.freebsd.org/~rmacklem/nfs-krb5-setup.txt

rick

>
> Hope that helps.
>
> Regards,
> vermaden
>
>
>
> Subject: RFC: Heimdal FreeBSD KDC users
> Date: 2025-10-05 22:58
> From: "Rick Macklem" <rick.macklem@gmail.com>
> To: "FreeBSD-STABLE Mailing List" <freebsd-stable@freebsd.org>; "Gleb Smirnoff" <glebius@freebsd.org>; "Cy Schubert" <cy@freebsd.org>;
>
> > Hi,
> >
> > I am posting to try and find out how many users
> > are currently using the old Heimdal 1.5 KDC in
> > FreeBSD 14.n and are interested in using the
> > same KDC database in FreeBSD 15.
> >
> > I am asking because I just made a commit to
> > main (which will soon be in stable/15) which
> > adds support to the Heimdal code for doing
> > a database dump in an MIT compatible format.
> > --> The problem is that it will require a
> >       make buildworld, make installworld from
> >       sources with WITHOUT_MITKRB5="yes"
> >       set in /etc/src.conf, followed by a (re)upgrade
> >       with the default MIT Kerberos setting.
> >       (i.e. no WITHOUT_MITKRB5="yes")
> >
> > Because the patch is rather large (commit 5000d023a446
> > in main) and a lot of it was a couple of cherry-picks
> > from Heimdal 7.8, I cannot easily audit it for any
> > security vulnerability it might have introduced.
> > As such, I am not comfortable MFC'ing it to stable/14,
> > although that would make the conversion path easier.
> >
> > So, who out there needs this Heimdal->MIT KDC
> > database conversion?
> >
> > Thanks for any info, rick