Configuring the Primary and Secondary Security Server

Configuring the Secondary Security Servers with LDAP

Configuring the Secondary Security Servers with LDAP

You can now configure the secondary security servers. Assuming that you are setting up the primary security server so that you can easily switch the primary security server with one of the secondary security servers, you must perform each of the steps on the primary security server as well as on the secondary security server.

All secondary security servers require the following basic configuration tasks:

Copying the Kerberos configuration files.

Creating a stash file using the kdb_stash utility.

Copying the Kerberos Configuration File

Each secondary security server must have a copy of the Kerberos configuration files (krb.conf)from the primary security server. The krb.conf file is located at:

/opt/krb5/krb.conf

Following lists the default configuration files required on the secondary security server:

krb.conf

krb.realms

krb5_ldap.conf

krb5_schema.conf

krb5_map.conf

Creating a stash file using the kdb_stash utility

You must create a stash file using the kdb_stash utility. This utility stores the master key in a stash file that the Kerberos server accesses when the security server daemons start up. You must specify the same

Chapter 7

105

Page 105
Image 105
HP UX Kerberos Data Security Software manual Configuring the Secondary Security Servers with Ldap