Subject: kerb problems (Re: can't migrate master key to Heimdal)
To: Aidan Cully <email@example.com>
From: one more medicated peaceful moment <firstname.lastname@example.org>
Date: 07/01/2000 21:56:57
I have been having problems with kerberos since going to 1.5 as well, on
my system i cant figure out how to make it *not* try and authenticate with
kerberos... so login/su/etc all try to find a krb realm and block for a
few seconds while they wait for the gethostbyname to timeout. I sent a pr
about this and recieved no response, does anyone know how to fix it?
On Sat, 1 Jul 2000, Aidan Cully wrote:
> Date: Sat, 1 Jul 2000 14:58:56 -0400
> From: Aidan Cully <email@example.com>
> To: firstname.lastname@example.org, email@example.com
> Subject: can't migrate master key to Heimdal
> Now that crypto-us is gone, and replaced with the old crypto-intl, I
> thought it might be a good time to start experimenting with Heimdal.
> So I tried to migrate my old KDC to Heimdal. gurk.
> First: the master_key file is in a different format. I have to write
> a little utility for my local db to rewrite the contents of the
> master_key in a format that Heimdal can understand. Fine, a few
> iterations of working out how the interface to encode_EncryptionKey
> works go by, and the utility is written. I've got my master key in
> ASN.1 encoding on my hard drive.
> Second: Heimdal refuses outright all master keys that aren't enctype
> ETYPE_DES_CBC_MD5. Mine was ETYPE_DES_CBC_CRC. I haven't dug around
> enough to find out if it won't also accept DES_CBC_CRC... I strongly
> suspect that it won't. The point is: AAARRRGGGHHH!!!
> I think, for me, the quickest solution will be a utility to migrate
> the principal.db to a different master key. I've thought for a while
> that such a utility was necessary... I guess it's time to get it out
> of the way. We'll see how things go after that...
> The moral is, don't try to migrate your MIT KDCs to Heimdal, yet. As
> far as I can see, there isn't an upgrade path available.