Administering the Kerberos Server

Maintenance Tasks

Backing Up Primary Security Server Data

Save the copied information to a CD or tape — whatever your preferred archive method is.

Be aware that primary security server files contain sensitive information; therefore, do not copy files unless you intend to properly secure the backup copies.

Be sure to make backup copies of the following:

admin_acl_file

password.policy (password.pol)

Principal database files

krb.conf

Certain files contain extremely sensitive information, and HP recommends that you do not make backup copies of the following files:

.k5.REALM — Instead, recreate this file by using the kdb_stash utility. You must know the master password and specify the correct encryption type to run this utility.

v5srvtab — Instead, recreate this file by re-extracting the key for any service principal contained in the file — typically, the host/principal for the primary security server.
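The include and exclude lists above, as an added shell example that is not from the original guide: it archives the listed files with owner-only permissions and refuses the stash file and v5srvtab even when a caller-supplied pattern matches them. The source directory, the `principal*` database file pattern and both function names are assumptions; the guide does not give them.

```shell
#!/bin/sh
# Added example, not from the guide. Assumed: the source directory, the
# "principal*" database file pattern, and both function names.

# is_excluded NAME: succeeds for the two files the guide says not to copy.
is_excluded() {
    case "${1##*/}" in
        .k5.*|v5srvtab) return 0 ;;
        *) return 1 ;;
    esac
}

# backup_kdc SRC_DIR DEST_TAR [DB_PATTERNS]
# Returns 0 on success, 1 if nothing was archived, 2 on a usage error.
backup_kdc() {
    src=$1; dest=$2; db_patterns=${3:-principal*}
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 2; }
    # Refuse to reuse an existing archive: it would keep its old, possibly
    # looser, permissions.
    [ ! -e "$dest" ] || { echo "refusing to overwrite $dest" >&2; return 2; }
    case "$dest" in /*) ;; *) dest=$PWD/$dest ;; esac
    (
        umask 077                     # archive is created owner-only (0600)
        cd "$src" || exit 2
        set --
        # $db_patterns is left unquoted on purpose so the shell expands it.
        for f in admin_acl_file password.policy password.pol krb.conf $db_patterns; do
            [ -f "$f" ] || continue
            if is_excluded "$f"; then
                echo "not archived (recreate instead): $f" >&2
                continue
            fi
            set -- "$@" "$f"
        done
        [ $# -gt 0 ] || { echo "nothing to back up in $src" >&2; exit 1; }
        tar -cf "$dest" "$@"
    )
}
```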

 

 

Backing Up the Principal Database

If you have a server architecture that uses a second level of propagation servers, you can back up your principal database with minimal effect on application users. See Chapter 9, “Propagating the Kerberos Server,” on page 241.

NOTE

If you do not use secondary security servers as propagation servers, you can temporarily halt propagation to one of the secondary security servers acting as an authentication server, provided you have a properly configured redundant server.

To back up your principal database, complete the following steps:

Step 1. Stop the services and daemons.

Chapter 8
