Problems parsing old krbPrincipalKey attributes from LDAP backend
Frank Steinberg
steinberg at ibr.cs.tu-bs.de
Mon May 26 06:45:27 EDT 2014
Am 25.05.2014 um 05:14 schrieb Greg Hudson <ghudson at MIT.EDU>:
> If you decide to go with patching the KDC, the candidate fixes are here:
>
> https://github.com/krb5/krb5/pull/129
>
> These changes should get pushed to master within a week or so, and
> will eventually make their way into 1.12 and probably 1.11 patch releases.
I took some time to find a python ASN.1 decoder/encoder and came up with
the following python script. It should be able to convert the key data,
so that a KrbSalt with only a type == 0 will be added where it's missing.
With two test cases it seemed to work for me. However I did not yet apply
it to our whole user database. If you have any comments, please let me know.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: kdb_ldap_fixkeys.py
Type: text/x-python-script
Size: 5218 bytes
Desc: not available
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20140526/8797c4f4/attachment.bin
-------------- next part --------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20140526/8797c4f4/attachment-0001.bin
More information about the Kerberos
mailing list