[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Converting kaserver DB to Heimdal
Alf Wachsmann <alfw@SLAC.Stanford.EDU> writes:
> Hi,
>
> we are in the process of migrating from AFS' kaserver to Heimdal's KDC.
> In this process, we have converted our kaserver DB to the KDC format
> using the recipe from (e.g.)
> https://lists.openafs.org/pipermail/openafs-info/2002-May/004326.html
>
> While converting all our administration tools, we have discovered that
> the time a principal changed his/her/its password is _not_ carried over
> from the kaserver DB. This seems by design after looking at the
> hprop/hpropd source code.
>
> Is there a way of preserving this time stamp in the conversion?
So this might do it. The principal should be optional, but I don't know if
all code handles that. I don't have a kaserver setup, so it might be easier
for you to test then me.
Love
--- kdc/hprop.c 19 Sep 2003 00:16:11 -0000
+++ kdc/hprop.c 7 Oct 2003 18:56:50 -0000
@@ -397,6 +397,12 @@
+ 24 * 60 * 60 * ent->pw_expire;
}
+ if(ntohl(ent->pw_change) != NEVERDATE && ntohl(ent->pw_change) != 0xffffffff) {
+ ALLOC(hdb.modified_by);
+ hdb.modified_by->time = ntohl(ent->pw_change);
+ hdb.modified_by->principal = NULL;
+ }
+
ret = krb5_make_principal(pd->context, &hdb.created_by.principal,
v4_realm,
"kadmin",
PGP signature