Propagating the Kerberos Server
Monitoring Propagation
If you encounter the following error message after installing a new secondary security server and attempting propagation, restart the daemons on the secondary security server after the full dump is complete:
TGS: Error processing request from host
| Converting a secondary security server to a primary | |
| security server | |
| You may need to convert a secondary security server to a primary | |
| security server, for instance, during disaster recovery. During such | |
| circumstances, HP recommends that you to reinstall the Kerberos server. | |
| To convert a secondary security server to a primary security server, | |
| complete the following steps: | |
Step | 1. Verify that the secondary security server has an | |
| principal database. You may need to initiate a full dump of the database | |
| from the current primary security server. If your primary security server | |
| fails and you cannot perform a full database dump or view the primary | |
| log files, review the secondary security server propagation log files to | |
| determine the secondary security server that contains the latest copy of | |
| the database. Then, copy the principal.* files from the secondary | |
| security server that contains the recently received propagation data to | |
| the secondary security server being converted to the primary. Any | |
| changes that are made to the primary database before the failure, but | |
| after the last successful propagation, are lost and must be recreated. | |
Step | 2. Retrieve the following files, from the primary security server or from the | |
| most recent primary security server backup: | |
| • /opt/krb5/.k5.REALM, where REALM is the default realm of the | |
|
| server |
| • | krb.conf |
| • | krb.realms |
| • | admin_acl_file |
| • | password.policy |
| • | kpropd.ini |
Step | 3. Archive the principal.* files on the secondary security server. |
270 | Chapter 9 |