Propagating the Kerberos Server

Setting Up Propagation

3. From the primary security server /opt/krb5/install directory, run the following command:

# mkpropcf

This creates the kpropd.ini file, which defines your propagation hierarchy.

NOTE

If you do not want to use the default hierarchy structure (a two-tier system), you must edit the kpropd.ini file to implement your preferred hierarchy. For more information on this file, see “The kpropd.ini File” on page 251.

4. Copy the kpropd.ini file to the secondary security server.

5. If you have configured a multitiered hierarchy, that is, if you have secondary security servers that act as propagation parent servers, copy the configuration file of the primary security server to each secondary security server.

Step 2. On the primary security server, add the admin principal and extract the service key by using the following command:

# /opt/krb5/admin/kadminl -R <admin/principal name> <passwd>

Step 3. Extract the propagation principal on the primary security server, using the following command:

# /opt/krb5/admin/kadminl -R ext <service principal name>

By default, host/fqdn@REALM is added.

Step 4. Kill all the running daemons on the secondary security server, and extract the service key by using the following commands:

# /sbin/init.d/krbsrv stop

# /opt/krb5/bin/kadmin <admin/principal> -R ext <service principal name>

260

Chapter 9