replacing Heimdal with MIT Kerberos, and Kerberos key attributes in LDAP back-end
Bart Van den Broeck
Bart.VandenBroeck at icts.kuleuven.be
Thu Jan 13 17:09:38 EST 2011
Hi all
Since we are migrating from Debian to RedHat, we are considering
replacing our Heimdal Kerberos server (with LDAP back-end) with an MIT
Kerberos server (again with LDAP back-end) since RedHat packages are only
available for MIT Kerberos. In order to make this migration/upgrade as
transparent as possible for our users, we want to convert all the
necessary info in the Heimdal back-end to the MIT back-end. Are there
any pointers available for this kind of operation? E.g. things like
conversion tables mapping the corresponding Kerberos-specific LDAP
attributes? Or even scripts?
I'm especially looking at the Kerberos key attributes, i.e.
- Heimdal: krb5Key
- MIT: krbPrincipalKey
Is it possible to convert the former into the latter? Is there any code
available for this operation? If not, we would have to require all our
users to change their passwords at the same time, which is not very
feasible.
Thanks in advance
Bart
More information about the Kerberos
mailing list