From 54fdd62c2be47d68fb19be1c5ea8f3ca105336be Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Wed, 2 May 2012 17:43:26 -0500 Subject: [PATCH] Update MIT<->Heimdal migration documentation --- doc/migration.texi | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/doc/migration.texi b/doc/migration.texi index d13d7041d..2fa7ede59 100644 --- a/doc/migration.texi +++ b/doc/migration.texi 
@@ -5,14 +5,34 @@ @section Migration from MIT Kerberos to Heimdal -hpropd can read MIT Kerberos dump, the format is the same as used in -mit-kerberos 1.0b7, and to dump that format use the following command: -@samp{kdb5_util dump -b7}. +hpropd can read MIT Kerberos dump in "kdb5_util load_dump version 5" or +version 6 format. Simply run: +@samp{kdb5_util dump}. To load the MIT Kerberos dump file, use the following command: @samp{/usr/heimdal/libexec/hprop --database=dump-file --master-key=/var/db/krb5kdc/mit_stash --source=mit-dump --decrypt --stdout | /usr/heimdal/libexec/hpropd --stdin} +kadmin can dump in MIT Kerberos format. Simply run: +@samp{kadmin -l dump -f MIT}. + +The Heimdal KDC and kadmind, as well as kadmin -l and the libkadm5srv +library can read and write MIT KDBs, and can read MIT stash files. To +build with KDB support requires having a standalone libdb from MIT +Kerberos and associated headers, then you can configure Heildal as +follows: + +@samp{./configure ... CPPFLAGS=-I/path-to-mit-db-headers LDFLAGS="-L/path-to-mit-db-object -Wl,-rpath -Wl,/path-to-mit-db-object" LDLIBS=-ldb} + +At this time support for MIT Kerberos KDB dump/load format and direct +KDB access does not include support for PKINIT, or K/M key history, +constrained delegation, and other advanced features. + +Heimdal supports using multiple HDBs at once, with all write going to +just one HDB. This allows for entries to be moved to a native HDB from +an MIT KDB over time as those entries are changed. Or you can use hprop +and hpropd. + @section General issues When migrating from a Kerberos 4 KDC. -- 2.11.4.GIT
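Review bot: In the added paragraph on building with KDB support, "configure Heildal" is a typo for "Heimdal", and in the final added paragraph "with all write going to just one HDB" should read "all writes". The limitations paragraph ("does not include support for PKINIT, or K/M key history, constrained delegation, and other advanced features") does not say what happens on load to entries that carry such data, whether they are dropped, rejected, or kept but ignored. An operator planning a migration needs that stated, and "other advanced features" should be spelled out as a list. The new text says hpropd reads "version 5 or version 6" dumps and then gives a bare "kdb5_util dump", where the removed text named an explicit "-b7" flag. Please state which format a bare dump produces, or that hpropd detects the version itself. Since the unchanged hprop example passes "--master-key" and "--decrypt --stdout", the dump file and the pipeline carry key material, so a sentence on restricting access to the dump file and the stash file during the migration would fit in this section.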