Propagating the Kerberos Server
Setting Up Propagation
3.From the primary security server /opt/krb5/install directory, run the following command:
# mkpropcf
| This creates the kpropd.ini file, which defines your propagation |
| hierarchy. |
|
|
NOTE | If you do not want to use the default hierarchy structure (a |
| system), you must edit the kpropd.ini file to implement your |
| preferred hierarchy. For more information on this file, see “The |
| |
|
|
|
| 4. Copy the kpropd.ini file to the secondary security server. |
|
| 5. If you have configured a multitiered hierarchy, that is, if you have |
|
| secondary security servers that act as propagation parent servers, |
|
| copy the configuration file of the primary security server to each |
|
| secondary security server. |
Step | 2. | On the primary security server, add the admin principal and extract the |
|
| service key by using the following command: |
|
| # /opt/krb5/admin/kadminl |
Step | 3. | Extract the propagation principal on the primary security server, using |
|
| the following command: |
|
| # /opt/krb5/admin/kadminl |
|
| By default, host/fqdn@REALM is added. |
Step | 4. | Kill all the running daemons on the secondary security server, and |
|
| extract the service key by using the following commands: |
#/sbin/init.d/krbsrv stop
#/opt/krb5/bin/kadmin <admin/principal>
260 | Chapter 9 |