[Freeipa-users] Migrate KRB DB hashes to IPA LDAP
Dmitri Pal
dpal at redhat.com
Wed Oct 8 16:37:30 UTC 2014
On 10/08/2014 09:47 AM, Andreas Ladanyi wrote:
> Hello,
>
> I have the following situation:
>
> OpenLDAP with user entries. No userPassword hashes are available.
> MIT Kerberos with principals and password hashes in the KRB DB.
>
> I have migrated the user and group accounts via "ipa migrate-ds ..."
> successfully.
>
> Now, is it possible to get out the Kerberos user principal password
> hashes from the KRB's own DB to the appropriate krbPassword..... IPA LDAP
> attribute, so the users could log in without any extra user action?
>
> cheers,
> Andy
>
>
>
This will be a highly manual process.
AFAIR it has been done a couple of times, so please search the archives
from 2-3 years ago. Simo was the person who provided the steps.
You would need to not only migrate the hashes by extracting the fields
from the DB and loading them into LDAP using raw LDAP commands and LDIF, but
also copy over and set the Kerberos master key.
If you are up to it and dig out the instructions, we would really
appreciate it if you can then put them on a wiki as a solution:
http://www.freeipa.org/page/HowTos
--
Thank you,
Dmitri Pal
Sr. Engineering Manager IdM portfolio
Red Hat, Inc.