[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Propagating MIT-Kerberos Database to Heimdal KDC


I wasn't able to find any concise information on my problem in the
list archives or the documentation.

I'd like to migrate the principal database from an MIT-Kerberos (1.2.7
with security patches) KDC to Heimdal (0.6 from the brand-new SuSE 9.0

So far I've dumped the database on the MIT KDC with:
/usr/sbin/kdb5_util dump -b7  /usr/var/krb5kdc/slave_datatrans.b7

and copied the slave_datatrans.b7 and the stashed master key
(.k5.CELL) to the box running heimdal.

Then I've tried to import the database with:

hprop -m .k5.CELL -d slave_datatrans.b7 --source=mit-dump|hpropd -n

I've also copied the master key from .k5.CELL to /var/heimdal/m-key

However if I try to list the imported principals with "list *" in the
kadmin program, I get "Decrypt integrity check failed" for every

If I delete the file /var/heimdal/m-key, the error message in kadmin
disappears, however when I "kinit" as one of the principals, I get
"kinit: krb5_get_init_creds: Client (principal@CELL) unknown', no
matter if the /var/heimdal/m-key file is in place or not.

I've also tried converting the stash file with kstash, to no avail.

Creating a new principal with kadmin and then kinit as that principal
works without problems.

What did I miss? Is there maybe a bug somewhere?
Thanks in advance
Friedrich Delgado Friedrichs   |               mailto: fd@dfn-cert.de
DFN-CERT GmbH                  |              pgp-key: 0x94A6047F
Heidenkampsweg 41              |                Phone: +49(40)808077-555
D-20097 Hamburg                |                  FAX: +49(40)808077-556
Germany                        |

PGP signature