xref: /freebsd/crypto/heimdal/doc/migration.texi (revision bdd1243df58e60e85101c09001d9812a789b6bc4)
1@c $Id$
2
3@node Migration, Acknowledgments, Programming with Kerberos, Top
4@chapter Migration
5
6@section Migration from MIT Kerberos to Heimdal
7
8hpropd can read MIT Kerberos dump, the format is the same as used in
9mit-kerberos 1.0b7, and to dump that format use the following command:
10@samp{kdb5_util dump -b7}.
11
12To load the MIT Kerberos dump file, use the following command:
13
14@samp{/usr/heimdal/libexec/hprop --database=dump-file --master-key=/var/db/krb5kdc/mit_stash --source=mit-dump --decrypt --stdout | /usr/heimdal/libexec/hpropd --stdin}
15
16@section General issues
17
18When migrating from a Kerberos 4 KDC.
19
20@section Order in what to do things:
21
22@itemize @bullet
23
24@item Convert the database, check all principals that hprop complains
25about.
26
27@samp{hprop -n --source=<NNN>| hpropd -n}
28
29Replace <NNN> with whatever source you have, like krb4-db or krb4-dump.
30
31@item Run a Kerberos 5 slave for a while.
32
33@c XXX Add you slave first to your kdc list in you kdc.
34
35@item Figure out if it does everything you want it to.
36
37Make sure that all things that you use works for you.
38
39@item Let a small number of controlled users use Kerberos 5 tools.
40
41Find a sample population of your users and check what programs they use,
42you can also check the kdc-log to check what ticket are checked out.
43
44@item Burn the bridge and change the master.
45@item Let all users use the Kerberos 5 tools by default.
46@item Turn off services that do not need Kerberos 4 authentication.
47
48Things that might be hard to get away is old programs with support for
49Kerberos 4. Example applications are old Eudora installations using
50KPOP, and Zephyr. Eudora can use the Kerberos 4 kerberos in the Heimdal
51kdc.
52
53@end itemize
54