Propagating the Kerberos Server
Monitoring Propagation
incremental database propagation. To ensure accurate results, dump the databases simultaneously when administrative activity is at a minimum. Under these conditions, consider a discrepancy of more than five principal entries to be significant.
•Authentication test to the primary security server succeeds, but fails on the secondary security server
The last step to confirm the
Following is a krb.conf file in which the secondary security server entries are commented out:
#FINANCE.BAMBI.COM fnc01.bambi.com #IT.BAMBI.COM it02.bambi.com NETWORK.BAMBI.COM netwrk05.bambi.com admin server
You need to authenticate from the machine with the new configuration file. If authentication succeeds continuously, you have your final clue that the
|
| The kdb_dump Utility |
|
| To view details of any discrepancy between a primary and secondary |
|
| principal database and to look for |
|
| database to a text file and compare the text files. You can dump the |
|
| databases by stopping the daemons or services and then using the |
|
| kdb_dump utility. You must stop the daemons before using kdb_dump. |
|
| To identify the difference between the primary and secondary security |
|
| server database, complete the following steps: |
Step | 1. | On a secondary security server, stop the daemons and execute the |
|
| following command at the |
|
| # /opt/krb5/admin/kdb_dump |
Step | 2. | From the primary security server, stop the daemons and execute the |
|
| following command at the |
# /opt/krb5/admin/kdb_dump
Chapter 9 | 267 |