Here's what I have so far:
- Dump the Heimdal database. According to the old Heimdal docs, it should be possible to simply dump the db in MIT format using `kadmin -l dump -f MIT`. But the build of Heimdal I'm dealing with doesn't support the MIT option, so I had to first dump the db in the default format:

  ```
  # on old Heimdal KDC:
  kadmin -l dump > /tmp/h5l.dump
  ```
- I then used NORDUnet's Dockerfiles to build temporary Heimdal and MIT KDCs using docker:

  ```
  # on e.g. laptop:
  cd /tmp
  git clone git@github.com:NORDUnet/krb5-docker.git
  cd krb5-docker
  docker build -f Dockerfile.heimdal -t heimdal-alpine .
  docker build -f Dockerfile.mit -t krb5-alpine .
  ```
- Now we can import that Heimdal default file format and export as MIT:

  ```
  # laptop:
  mkdir /tmp/k5
  rsync -avz old-kdc:/tmp/h5l.dump /tmp/k5/
  docker run --rm -it -v /tmp/k5:/tmp/k5 heimdal-alpine
  docker ps # get container ID
  docker exec -it b4e57b1bdb9f sh
  # in heimdal-alpine container:
  kadmin -l load /tmp/k5/h5l.dump
  kadmin -l dump -f MIT /tmp/k5/mit.dump
  ```
- We should now have a good MIT-format dump file. To test this, I used the MIT container:

  ```
  # laptop (krb5-alpine is the tag given to the Dockerfile.mit image built above)
  docker run --rm -it -v /tmp/k5:/tmp/k5 krb5-alpine
  docker ps # get container ID
  docker exec -it 3721be560d8f sh
  # in the MIT (krb5-alpine) container:
  kdb5_util load -verbose /tmp/k5/mit.dump
  ```
This almost works. That "load" command exits with a zero return code, but a `kdb5_util dump` says `No such entry in the database while retrieving master entry`, with nothing on stdout. I'm sure I'm not starting the container(s) right, not getting their db initialized correctly, needing to do something with principals and/or keytabs. It's late, so I'm going to hit submit on this now and have another go at it next time I have a chance.