Administering the Kerberos Server
Maintenance Tasks
Backing Up primary security server DataSave the copied information to a CD or tape — whatever your preferred archive method is.
Be aware that primary security server files contain sensitive information; therefore, do not copy files unless you intend to properly secure the backup copies.
Be sure to make backup copies of the following:
•admin_acl_file
•password.policy (password.pol)
•Principal database files
•krb.conf
Certain files contain extremely sensitive information, and HP recommends that you do not make backup copies of the following files:
•.k5.REALM — Instead, recreate this file by using the kdb_stash utility. You must know the master password and specify the correct encryption type to run this utility.
•v5srvtab — Instead, recreate this file by
|
| Backing Up the Principal Database |
|
| If you have a server architecture that uses a second level of propagation |
|
| servers, you can back up your principal database with minimal effect on |
|
| application users. See Chapter 9, “Propagating the Kerberos Server,” on |
|
| |
|
|
|
NOTE |
| If you do not use secondary security servers as propagation servers, you |
|
| can temporarily halt propagation to one of the secondary security servers |
|
| acting as an authentication server, provided you have a properly |
|
| configured redundant server. |
|
| To back up your principal database, complete the following steps: |
|
| |
Step | 1. Stop the services and daemons. |
Chapter 8 | 237 |