NIS => Kerberos/LDAP Migration

Tim Schaab tim at geology.wisc.edu
Wed Aug 15 13:49:19 EDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Some progress.

I removed the krb5_get_policy lines from the pam-krb5-migrate.c file and
it compiles and loads into PAM now.

Now that problem is solved, another pokes up. The logins hang and
time out. It looks like the module gets its ticket from the kdc, but
then hangs trying to talk to kadmin. There is nothing in the kadmin log
about a pam connection attempt at all. It is the same problem I saw
trying to use the heimdal kadmin client on an MIT kadmin server. When a
command is issued, it hangs.

My belief is that using the remote kadmin part of pam-krb5-migrate is
incompatible with an MIT kadmin server.

The next step would be to try the local db support. Though if it's using
heimdal and we are using MIT, are the local DBs compatible?

Another option would be to run a heimdal kadmin server during the
transition. Once again though, I am not sure this would work unless they
both use the same db format.

Are the heimdal and MIT databases compatible? If not, any ideas to have
as user-friendly a transition from NIS to Kerberos as possible?

- --
/*********************************************************\
| Tim Schaab                |         Computer Facilities |
| 608-262-3738              |        tim at geology.wisc.edu |
| UW-Madison                |        Geology & Geophysics |
\******** GPG Key: http://dev-zero.org/pubkey.asc ********/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGwzyfCR3ITS1QXGYRAlxbAKCTsElVrDWz+Q6TkDHSwI/j2g0AKQCgkSm/
R/M6GiTFmhGys7+QlSWIBlU=
=VeZu
-----END PGP SIGNATURE-----


