1233294Sstas@c $Id$ 272445Sassar 378527Sassar@node Migration, Acknowledgments, Programming with Kerberos, Top 472445Sassar@chapter Migration 572445Sassar 6233294Sstas@section Migration from MIT Kerberos to Heimdal 7233294Sstas 8233294Sstashpropd can read MIT Kerberos dump, the format is the same as used in 9233294Sstasmit-kerberos 1.0b7, and to dump that format use the following command: 10233294Sstas@samp{kdb5_util dump -b7}. 11233294Sstas 12233294SstasTo load the MIT Kerberos dump file, use the following command: 13233294Sstas 14233294Sstas@samp{/usr/heimdal/libexec/hprop --database=dump-file --master-key=/var/db/krb5kdc/mit_stash --source=mit-dump --decrypt --stdout | /usr/heimdal/libexec/hpropd --stdin} 15233294Sstas 1672445Sassar@section General issues 1772445Sassar 1872445SassarWhen migrating from a Kerberos 4 KDC. 1972445Sassar 2072445Sassar@section Order in what to do things: 2172445Sassar 2272445Sassar@itemize @bullet 2372445Sassar 2472445Sassar@item Convert the database, check all principals that hprop complains 2572445Sassarabout. 2672445Sassar 2772445Sassar@samp{hprop -n --source=<NNN>| hpropd -n} 2872445Sassar 2972445SassarReplace <NNN> with whatever source you have, like krb4-db or krb4-dump. 3072445Sassar 3172445Sassar@item Run a Kerberos 5 slave for a while. 3272445Sassar 3372445Sassar@c XXX Add you slave first to your kdc list in you kdc. 3472445Sassar 3572445Sassar@item Figure out if it does everything you want it to. 3672445Sassar 3772445SassarMake sure that all things that you use works for you. 3872445Sassar 3972445Sassar@item Let a small number of controlled users use Kerberos 5 tools. 4072445Sassar 4172445SassarFind a sample population of your users and check what programs they use, 4272445Sassaryou can also check the kdc-log to check what ticket are checked out. 4372445Sassar 4472445Sassar@item Burn the bridge and change the master. 4572445Sassar@item Let all users use the Kerberos 5 tools by default. 4672445Sassar@item Turn off services that do not need Kerberos 4 authentication. 4772445Sassar 4872445SassarThings that might be hard to get away is old programs with support for 4972445SassarKerberos 4. Example applications are old Eudora installations using 5072445SassarKPOP, and Zephyr. Eudora can use the Kerberos 4 kerberos in the Heimdal 5172445Sassarkdc. 5272445Sassar 5372445Sassar@end itemize 54