Propagating the Kerberos Server

Setting Up Propagation

After installing and configuring your primary and secondary security servers, you must propagate principal database information from the primary security server to all secondary security servers.

Before you can configure propagation, each secondary security server must have an existing principal database to act as a container for the information being propagated to the server. The principal database is created during installation.

Each security server must also have a stashed master key. If you created the database during installation, the key is automatically stashed in the /opt/krb5/.k5.REALM file. If you created the database after installation using kdb_create, verify that you stashed the key using the kdb_create -s or kdb_stash tool.
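
One way to run the stash check described above on each security server before configuring propagation (an added example, not part of the original manual). The function name check_stash, the KRB5_DIR override, and the rules that the file must not be a symbolic link or accessible to group/other are assumptions of this example.

```shell
#!/bin/sh
# Added example: confirm a security server has a stashed master key
# before propagation is configured. check_stash and KRB5_DIR are names
# chosen for this example; /opt/krb5/.k5.REALM is the path from the text.
KRB5_DIR="${KRB5_DIR:-/opt/krb5}"

# check_stash REALM
#   0  stash file present, non-empty, not accessible to group/other
#   1  stash file missing
#   2  stash file empty
#   3  group or other has access (assumed policy, not from the manual)
#   4  path is a symbolic link (assumed policy, not from the manual)
check_stash() {
    stash="$KRB5_DIR/.k5.$1"
    if [ -L "$stash" ]; then
        echo "FAIL: $stash is a symbolic link" >&2
        return 4
    fi
    if [ ! -f "$stash" ]; then
        echo "FAIL: $stash missing; stash the key with kdb_stash" >&2
        return 1
    fi
    if [ ! -s "$stash" ]; then
        echo "FAIL: $stash is empty" >&2
        return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$stash" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FAIL: $stash is accessible to group/other ($mode)" >&2
        return 3
    fi
    echo "OK: master key stashed in $stash"
    return 0
}

# Run the check when a realm name is given on the command line.
if [ "$#" -gt 0 ]; then
    check_stash "$1"
fi
```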

The mkpropcf tool aids propagation configuration by reading the Kerberos configuration file, krb.conf, and constructing the required propagation settings.

The primary security server component contains three daemons. You need to restart and stop these daemons at various times throughout propagation.

NOTE

During initial propagation of the principal database to all secondary security servers, the startup order of the services or daemons is critical. However, after the initial propagation is complete, the startup order is irrelevant.

Chapter 9