Am 2025-08-26 19:21, schrieb Rick Macklem:
On Tue, Aug 26, 2025 at 9:35 AM Gleb Smirnoff <[email protected]> wrote:On Tue, Aug 26, 2025 at 08:31:13AM -0700, Gleb Smirnoff wrote: T> On Tue, Aug 26, 2025 at 08:13:26AM -0700, Rick Macklem wrote:T> R> Ok. If you install FreeBSD-13.5 and then "pkg install heimdal", you get aT> R> working Heimdal-7.8 in ports. T> R> T> R> Now, I have another challenge. Fixing the master passwords. T> R> I'll work on it later to-day. T>T> I have applied two commits from Heimdal from 2012 that add 'kadmin dump -f MIT' T> feature to our base heimdal and polished them to compile. So far it doesn't T> work yet, either create an empty dump or create a core dump, instead of T> database dump :) I'll see how difficult it is going to further resolve that to T> a working condition. If I succeed, then having 'dump -f MIT' in base without T> any ports would be the best solution. Can also be merged to FreeBSD 14.4.Good news. In the above paragraph I was testing my change incorrectly - threw the new binary on a system running unpatched libraries. When run correctly, it successfully produced something that looks like a correct dump in MIT format.I haven't yet tried to load it into MIT kdc yet, though.You might have better luck than me, but if I just loaded it, "kadmin.local" wouldn't work. To get it loaded, I had to: - edit the mit.dump and remove the entries for K/M, kadmin/admin, kadmin/changepw and krbtgt/REALM. Then I... # kdb5_util create -s and # kdb5_util load -update mit.dump -after that, kadmin.local would find the prinicipals, but a "kinit" wouldn't work until I did a "change_password" on it.
Have you tried "kadmin -l dump --decrypt --format=MIT"? Bye, Alexander. -- http://www.Leidinger.net [email protected]: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org [email protected] : PGP 0x8F31830F9F2772BF
signature.asc
Description: OpenPGP digital signature
