Import/Export data problem between KDCs

Darren Reed (Optimation) darrenr at
Fri Nov 1 02:59:01 EST 2002

From: "Sam Hartman" <hartmans at>
> >>>>> "Darren" == Darren Reed (Optimation) <darrenr at> writes:
>     Darren> Earlier in the week, I was doing some testing on importing
>     Darren> and exporting data between a 1.2.5 KDC and an "old"
>     Darren> CyberSafe KDC (dump output is 2.0.)
> I don't think we really support cross-vendor dumps.  Certainly I'm not
> aware of any work to make this work consistently.  I know that MIT has
> stuff we represent in our database that cannot be represented in a
> Heimdal database.  I'm fairly certain the converse is true as well.
> If you can show that for example the current MIT code cannot make a
> dump that 1.1-based code can read then we'd certainly consider it a
> problem until we'd decided why it was broken.  AT that point we'd
> either decide we weren't interested in fixing, or more likely produce
> some sort of fix.
> If you want this issue fixed quickly you should prove in the next day
> or so that current code cannot produce a dump read by old code.

Just to clarify, the Cybersafe "kdb5_edit" utility can read the
dump output from kdb5_util and it loads it into the principal
database correctly.  However, the Cybersafe KDC (or the version
we have) cannot then use the principal database it has at its disposal
for anything.

So the dump output can be read, it just cannot be used in this
particular case.

If you're still concerned about this, I'll provide you with a sample
of the data output from kdb5_edit and let me know what you
think.  I respect what you're saying here, but I think I
miscommunicated the problem - to me it sounds like its not
something you particularly care about but I'd like to be sure
before dropping it.


More information about the krbdev mailing list