Lines Matching +full:end +full:- +full:of +full:- +full:conversion

4 @comment  node-name,  next,  previous,  up
12 * Principal conversion issues::  
14 @end menu
16 @node Principal conversion issues, Converting a version 4 database, Kerberos 4 issues, Kerberos 4 i…
17 @section Principal conversion issues
20 principal consists of a name, an instance, and a realm. A version 5
23 respectively).    Also, in some cases the name of a version 4 principal
24 differs from the first component of the corresponding version 5
27 version 5 name is @samp{host}. For the class of principals that has a
29 uses only the first component of the hostname, whereas Kerberos 5 uses
32 Because of this it can be hard or impossible to correctly convert a
35 to know if the conversion resulted in a valid principal. To give an
42 name to append, or you have to have a list of possible hostnames. In the
48 In a complex scenario you will need some kind of host lookup mechanism.
57 @node Converting a version 4 database, , Principal conversion issues, Kerberos 4 issues
61 conversion issue arises too.
64 have to do this conversion once. It is also possible to run a version 5
65 KDC as a slave to a version 4 KDC. In this case this conversion will
67 conversion, there are a few things to look out for. If you have stale
72 You might also see problems with a many-to-one mapping of
76 conversion function can't tell which is correct, these conflicts will
79 @subsection Conversion example
81 Given the following set of hosts and services:
87 @end example
89 you have a database that consists of the following principals:
95 @samp{rcmd.old-mail}, where @samp{gone.foo.se} was a machine that has
96 now passed away, and @samp{old-mail.foo.se} was an old mail machine that
108 rcmd.old-mail    @i{removed}
109 @end example
129 @end example
132 having an instance consisting of a hostname, and it also says how the
135 hostname should be qualified (this is just a hosts-file in
136 disguise). Host-instances that aren't covered by
137 @samp{v4_instance_convert} are qualified by appending the contents of
141 it has no way of knowing which hostnames are valid and which are not, it
150 Instead of doing this you can use DNS to convert instances. This is not
152 of static host entries. 
159 The database conversion is done with @samp{hprop}. You can run this
161 @samp{slave-server} (which should be running a @samp{hpropd}).
164 hprop --source=krb4-db --master-key=/.m slave-server
165 @end example
171 hprop -n --source=krb4-db -d /var/kerberos/principal --master-key=/.m | hpropd -n
172 @end example