On Mon, May 26, 2014 at 4:45 AM, Frank Steinberg <steinb...@ibr.cs.tu-bs.de> wrote: > Am 25.05.2014 um 05:14 schrieb Greg Hudson <ghud...@mit.edu>: >> If you decide to go with patching the KDC, the candidate fixes are here: >> >> https://github.com/krb5/krb5/pull/129 >> >> These changes should get pushed to master within a week or so, and >> will eventually make their way into 1.12 and probably 1.11 patch releases. > > I took some time to find a python ASN.1 decoder/encoder and came up with > the following python script. It should be able to convert the key data, > so that a KrbSalt with only a type == 0 will be added where it's missing. > With two test cases it seemed to work for me. However I did not yet apply > it to our whole user database. If you have any comments, please let me know. >
Hi Frank, I converted my MIT KDC from CentOS 6 to CentOS 7 today, and your kdb_ldap_fixkeys Python script was invaluable for repairing some entries. Thanks! (Looks like the -b option and the filter options are not documented in usage() :-) I was using krb5-server-1.11.3-49.el7. It looks like https://github.com/krb5/krb5/pull/129 did get cherry-picked to the krb5-1.12 branch, but not to krb5-1.11 yet. - Ken ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos