Propagating the Kerberos Server
Setting Up Propagation
| Setting Up Propagation |
| After installing and configuring your primary and secondary security |
| servers, you must propagate principal database information from the |
| primary security server to all secondary security servers. |
| Before you can configure propagation, each secondary security server |
| must have an existing principal database to act as a container for the |
| information being propagated to the server. The principal database is |
| created during installation. |
| Each security server must also have a stashed master key. If you created |
| the database during installation, the key is automatically stashed in the |
| /opt/krb5/.k5.REALM file. If you created the database after installation |
| using kdb_create, verify that you stashed the key using the kdb_create |
| |
| The mkpropcf tool aids propagation configuration by reading the |
| Kerberos configuration file, krb.conf, and constructing the required |
| propagation settings. |
| The primary security server component contains three daemons. You |
| need to restart and stop these daemons at various times throughout |
| propagation. |
|
|
NOTE | During initial propagation of the principal database to all secondary |
| security servers, the startup order of the services or daemons is critical. |
| However, after the initial propagation is complete, the startup order is |
| irrelevant. |
|
|
258 | Chapter 9 |