Configuring the Primary and Secondary Security Server

Configuring the Secondary Security Servers with C-Tree

Creating a host/<fqdn> Principal and Extracting the Key

To allow principal database propagation, each secondary security server must contain a host/<fqdn> principal. You must also extract the key for the host/<fqdn> principal to the service key table file of that server.

You can create a host/<fqdn> principal and extract its key on a secondary security server by using the same procedure that is used on the primary security server. You need not log on as a root user to perform these tasks on a secondary security server. You can run kadmin and log on using the administrative principal name and password when prompted. For more information, see “Create the host/<fqdn> Principal and Extracting the Service Key” on page 98.

Each KDC must have a host service principal in the Kerberos database. You can create a host service principal from any host if the kadmind daemon is running.
