hprop problem with krb4-db database
- To: heimdal-discuss@sics.se
- Subject: hprop problem with krb4-db database
- From: Florian Daniel Otel <florian.otel@gmail.com>
- Date: Tue, 1 Nov 2005 11:04:10 +0100
- Sender: owner-heimdal-discuss@sics.se
Hello all,
I am trying to migrate from a KTH-KRB4 installation to Heimdal and I
have two questions:
1) hprop refuses to work on the krb4-db format
The problem I have is that "hprop" refuses to convert the principal
database when given in "krb4-db" format:
[....]
root@florians:/var/lib/heimdal-kdc# hprop -d ./principal.db --source=krb4-db -n > /tmp/test
kerb_dbl_init: couldn't open /var/lib/kerberos/principal.ok
open: No such file or directory
root@florians:/var/lib/heimdal-kdc# # Ok...That dir doesn't exist, I can create if you really need it (why would you want it...??)
root@florians:/var/lib/heimdal-kdc# mkdir -p /var/lib/kerberos
root@florians:/var/lib/heimdal-kdc# hprop -d ./principal.db --source=krb4-db -n > /tmp/test
kerb_dbl_init: couldn't open /var/lib/kerberos/principal.ok
open: No such file or directory
root@florians:/var/lib/heimdal-kdc# # Now this is really weird...I assumed that was some sort of lock file ....
root@florians:/var/lib/heimdal-kdc# touch /var/lib/kerberos/principal.ok
root@florians:/var/lib/heimdal-kdc# hprop -d ./principal.db --source=krb4-db -n > /tmp/test
hprop: kerb_db_iterate: Service expired (kerberos)
[...]
However, hprop is a bit more cooperative if the database is given in
ASCII format (i.e. "krb4-dump" format):
[...]
root@florians:/var/lib/heimdal-kdc# hprop -d ./slave_dump --source=krb4-dump -n > /tmp/test
hprop: krb5_425_conv_principal rcmd.server1@MY.REALM: Failed to convert v4 principal
hprop: krb5_425_conv_principal rcmd.server2@MY.REALM: Failed to convert v4 principal
hprop: krb5_425_conv_principal rcmd.server3@MY.REALM: Failed to convert v4 principal
hprop: krb5_425_conv_principal rcmd.server4@MY.REALM: Failed to convert v4 principal
hprop: krb5_425_conv_principal rcmd.server5@MY.REALM: Failed to convert v4 principal
hprop: krb5_425_conv_principal rcmd.server6@MY.REALM: Failed to convert v4 principal
hprop: krb5_425_conv_principal rcmd.server7@MY.REALM: Failed to convert v4 principal
hprop: krb5_425_conv_principal rcmd.server8@MY.REALM: Failed to convert v4 principal
Any ideas?
2) hprop/hpropds and keytabs for different principals (and on which servers?)
Since the documentation is ...well...."very scarce", I have the
following related question: If I want to set up a Heimdal
Master/Slave KDC replication with hprop/hpropd, for which of these
principals do I need keytabs:
... kadmin/admin on the master KDC ?
... kadmin/changepw on the master KDC ? For this principal apparently the
only way to add a keytab on the master KDC is via "kadmin -l". Trying to do
that using "ktutil get kadmin/changepw" locally failed with "Key
table entry not found" ??
... kadmin/hprop on the master KDC ?
... host/master-KDC.mydomain.name on the master KDC ? (The docs
say the master KDC will use kadmin/hprop for "hprop-ing" with the slaves...?!)
... hosts/slave-KDC.mydomain.name on slave KDCs ?
... hprop/slave-kerveros-server.mydomain.name on slave KDCs ?
TIA,
Florian
P.S. Any suggestions/pointers to more resources about how to migrate
from KRB4-KTH to Heimdal would be highly appreciated.