Looking for docs on MIT master KDC -> Heimdal slave KDC replication

Tillman Hodgson tillman at seekingfire.com
Tue Mar 15 12:31:21 EST 2005


Howdy folks,

I'm looking for documentation on how to go about replicating my
existing MIT master KDC to a new Heimdal slave KDC. I've found
references in old Usenet posts that some sites have set their KDCs up
this way in order to make OpenAFS integration a bit easier (one of my
own reasons for wanting to try this).

I haven't done KDC replication at all before, not even a relatively
simple MIT master -> MIT slave situation, so I'm kind of feeling my way
along here. My initial attempt looked like this (where surya is the MIT
master and utu is the Heimdal slave, both are NetBSD 2.0 hosts):

utu# grep hpropd /etc/inetd.conf
hprop    stream  tcp     nowait  root    /usr/libexec/hpropd hpropd

surya# cat krb5prop.sh
#!/bin/sh
/usr/pkg/sbin/kdb5_util dump /root/kerberos/slave_datatrans
/usr/pkg/sbin/kprop -f /root/kerberos/slave_datatrans utu.seekingfire.prv

The dump part works, naturally. kprop doesn't seem happy. Suspecting
that Heimdal used a different propagation mechanism and/or database
format, I tried this next (working from the same dump file):

surya# hprop --source=mit-dump --database=/root/kerberos/slave_datatrans \
       --keytab=/etc/krb5.keytab.hprop utu.seekingfire.prv
hprop: unknown dump file format, got 5, expected 4

The idea was to dump the MIT database using MIT tools and transfer it
using Heimdal tools. I've tried a few other variations and haven't
really found anything that looked promising.

Is there any documentation on the right way to go about this that
someone could point me to?

Thanks muchly,

- Tillman


-- 
"I just purchased a shiny new Leatherman Wave.[...] It's likely that
random objects in the house will spend the next few days being plied,
screwdriven, and scissed. When you have a Leatherman, everything looks
Leathermanipulable."    - A.S.R. quote (Nathan McCoy)

