On Tue, Aug 26, 2025 at 6:28 AM Rick Macklem <[email protected]> wrote:
>
> On Tue, Aug 26, 2025 at 2:34 AM Alexander Leidinger
> <[email protected]> wrote:
> >
> > Am 2025-08-26 06:25, schrieb Rick Macklem:
> > > On Mon, Aug 25, 2025 at 1:27 PM Rick Macklem <[email protected]>
> > > wrote:
> > >>
> > >> On Mon, Aug 25, 2025 at 9:09 AM Kyle Evans <[email protected]> wrote:
> >
> > >> > There is no yet an official way to migrate kdc
> > >> > > from Heimdal to MIT.
> > >> Yea. One possibility is to install Heimdal-7.8 from ports/packages and
> > >> then
> > >> use it to dump the KDC's database in MIT format. (Although Cy seemed
> > >> to
> > >> find it didn't work, doing this with the "--decrypt" option might
> > >> retain the
> > >> passwords.)
> > >>
> > >> I'll give this a try and report back if it worked for me.
> > > Well, I'm not having any luck.
> > > Every time I try and use Heimdal-7.8 to load the database from
> > > Heimdal-1.5.2,
> > > "kadmin -l" throws this error and exits.
> > >
> > > kadmin: rc4 8: EVP_CipherInit_ex einit
> > >
> > > I need the Heimdal-7.8 kadmin to work to try and convert the database
> > > to
> > > MIT format.
> > >
> > > So, does anyone know the trick to fixing this? rick
> >
> > I migrated a while ago... don't remember if this year or last year. And
> > I don't have my notes about this anymore. But I exported everything from
> > base-heimdal and imported into MIT.
> > A quick google gave mit this:
> > https://serverfault.com/questions/1000332/migrating-from-heimdal-to-mit-kerberos
> > This can be done with the base-heimdal + ports-heimdal + mit-krb.
> Yes. That was basically what I am trying to do. However, I cannot get
> the ports-heimdal
> to work, due to that rc4 related problem. (I've tried 15 and 14. Maybe
> I'll try 13?)
Ok. If you install FreeBSD-13.5 and then "pkg install heimdal", you get a
working Heimdal-7.8 in ports.
Now, I have another challenge. Fixing the master passwords.
I'll work on it later to-day.
rick
>
> Because there are several principals created when the MIT database is created,
> I think the last step might need "-update" ("kdb5_util load -update
> mit.dump").
>
> rick
>
> >
> > Bye,
> > Alexander.
> >
> > --
> > http://www.Leidinger.net [email protected]: PGP 0x8F31830F9F2772BF
> > http://www.FreeBSD.org [email protected] : PGP 0x8F31830F9F2772BF
