[6202] in Kerberos
Re: How to make V5 and V4 work together
daemon@ATHENA.MIT.EDU (Derrick J. Brashear)
Fri Nov 10 00:23:54 1995
To: kerberos@MIT.EDU
Date: Thu, 9 Nov 1995 11:06:08 -0500
From: "Derrick J. Brashear" <shadow+@andrew.cmu.edu>
Excerpts from netnews.comp.protocols.kerberos: 8-Nov-95 Re: How to make
V5 and V4 w.. by Theodore Ts'o@MIT.EDU
> destroying single-signon, at the very minimum. And if there's no way to
> import user's keys from the AFS ka server to the DCE security server,
> then the you force the site to go through the user password
> initialization process for all of their existing users. For a site with
> 20,000 users, this is not something which is undertaken lightly.
For what it's worth, I've at various times taken the version of Crack
which was modified by Dan Lovinger at CMU to be able to scan a kaserver
database,
and used it to dump keys, and then used those to build a kerberos (v4 or
v5) database. Unfortunately I always nuked my tools after I was done for
lack of space. It can be done, and I assume a similar interface to allow
importing keys exists in the DCE security server.
-`D
