Looking for docs on MIT master KDC -> Heimdal slave KDC replication

Howdy folks,

[I'm cross-posting this from the MIT Kerberos list due to a lack of
 replies over there. Since this problem concerns both implementations
 I'm hoping that somebody over here might be able to help :-) ]

I'm looking for documentation on how to go about replicating my
existing MIT master KDC to a new Heimdal slave KDC. I've found
references in old Usenet posts that some sites have set their KDCs up
this way in order to make OpenAFS integration a bit easier (one of my
own reasons for wanting to try this).

I haven't done KDC replication at all before, not even a relatively
simple MIT master -> MIT slave situation, so I'm kind of feeling my way
along here. My initial attempt looked like this (where surya is the MIT
master and utu is the Heimdal slave, both are NetBSD 2.0 hosts):

utu# grep hpropd /etc/inetd.conf
hprop    stream  tcp     nowait  root    /usr/libexec/hpropd hpropd

surya# cat krb5prop.sh
/usr/pkg/sbin/kdb5_util dump /root/kerberos/slave_datatrans
/usr/pkg/sbin/kprop -f /root/kerberos/slave_datatrans utu.seekingfire.prv

The dump part works, naturally. kprop doesn't seem happy. Suspecting
that Heimdal used a different propagation mechanism and/or database
format, I tried this next (working from the same dump file):

surya# hprop --source=mit-dump --database=/root/kerberos/slave_datatrans \
       --keytab=/etc/krb5.keytab.hprop utu.seekingfire.prv
hprop: unknown dump file format, got 5, expected 4

The idea was to dump the MIT database using MIT tools and transfer it
using Heimdal tools. I've tried a few other variations and haven't
really found anything that looked promising.

Is there any documentation on the right way to go about this that
someone could point me to?

Thanks muchly,

- Tillman

"Don't play as if you've swallowed the metronome!"
    -- Nadia Boulanger