MIT Kerberos has gone through a half-dozen different db dump formats, so precise instructions on how to extract the fields depend on the exact software version you have and the options you specify to the kdb5_dump command.

Meanwhile, by default OpenLDAP does not have any module that recognizes what to do with a Kerberos key in the userPassword attribute. So once you figure out what to do to get the key out of the KDC, there's still a problem of what to do with it next.

There is an indirect route that should work - in the OpenLDAP 2.3 contrib directory there is a module that adds support for Samba passwords and Heimdal Kerberos keys (see contrib/slapd-modules/smbk5pwd). If you use the Heimdal Kerberos tools to import the MIT dump into Heimdal format, then you should be able to use the result with OpenLDAP. But there are a lot of steps to get there (starting with obtaining and installing the Heimdal source code).

If you're interested in getting this to work, I think you should go all the way - you can run the Heimdal KDC directly on top of OpenLDAP, instead of using a flat file-based Kerberos database. In this case, all of your Kerberos account information is stored as attributes of regular OpenLDAP account entries. Once you have the database loaded into OpenLDAP you can do all your account administration from there and you never need to run the Kerberos account management utilities any more.

If building all of the packages seems like too much effort for you, my company (Symas Corp., http://www.symas.com) provides prepackaged binaries of all of the necessary software, ready to install. (OpenLDAP, Heimdal, OpenSSL, Cyrus SASL, BerkeleyDB, etc.)

________________________________________________
Kerberos mailing list
https://mailman.mit.edu/mailman/listinfo/kerberos
