[33104] in Kerberos
replacing Heimdal with MIT Kerberos, and Kerberos key attributes in
daemon@ATHENA.MIT.EDU (Bart Van den Broeck)
Thu Jan 13 17:09:51 2011
From: Bart Van den Broeck <Bart.VandenBroeck@icts.kuleuven.be>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Date: Thu, 13 Jan 2011 23:09:38 +0100
Message-ID: <DE16FBD1DC3E724AB8A244372D228099013308624C46@ICTS-S-EXC1-CA.luna.kuleuven.be>
Content-Language: en-US
MIME-Version: 1.0
X-KULeuven-Envelope-From: bart.vandenbroeck@icts.kuleuven.be
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Hi all
Since we are migrating from Debian to RedHat, we are considering
replacing our Heimdal Kerberos server (with LDAP back-end) with an MIT
Kerberos server (again with LDAP back-end) since RedHat packages are only
available for MIT Kerberos. In order to make this migration/upgrade as
transparent as possible for our users, we want to convert all the
necessary info in the Heimdal back-end to the MIT back-end. Are there
any pointers available for this kind of operation? E.g. things like
conversion tables mapping the corresponding Kerberos-specific LDAP
attributes? Or even scripts?
I'm especially looking at the Kerberos key attributes, i.e.
- Heimdal: krb5Key
- MIT: krbPrincipalKey
Is it possible to convert the former into the latter? Is there any code
available for this operation? If not, we would have to require all our
users to change their passwords at the same time, which is not very
feasible.
Thanks in advance
Bart
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
