MIT + Heimdal + openssh == cross realm difficulties

Priit Randla priit.randla at
Wed Feb 9 03:53:17 EST 2005

Henry B. Hotz wrote:

> It's not clear to me why the MIT and Heimdal realms need to be  
> different.

    The reason is quite embarassing, actually - total re-branding. Total 
renamification  :-) from AAA to BBB.
Lotsa host/* principals to recreate and change. And 24/7/365 as usual. 
So I have to simply
accept that those two realms  have to exist and work together for some 
unspecified time.

> You can import an MIT database into Heimdal with hprop.  Google for 
> the  details, but you export a MIT dump file with some specific 
> options and  then use hprop to read it into Heimdal.

    Dit it. Unfortunately, all password policies will get lost in the 
process. Which reminds me that I didn't see a way to create and use 
policies under Heimdal...
 Major PIA if these aren't implemented.


More information about the Kerberos mailing list