Propagating the Kerberos Server

Monitoring Propagation

If you encounter the following error message after installing a new secondary security server and attempting propagation, restart the daemons on the secondary security server after the full dump is complete:

TGS: Error processing request from host

 

Converting a secondary security server to a primary security server

You may need to convert a secondary security server to a primary security server, for instance, during disaster recovery. In such circumstances, HP recommends that you reinstall the Kerberos server.

To convert a secondary security server to a primary security server, complete the following steps:

Step 1. Verify that the secondary security server has an up-to-date copy of the principal database. You may need to initiate a full dump of the database from the current primary security server. If your primary security server fails and you cannot perform a full database dump or view the primary log files, review the secondary security server propagation log files to determine the secondary security server that contains the latest copy of the database. Then, copy the principal.* files from the secondary security server that contains the recently received propagation data to the secondary security server being converted to the primary. Any changes that are made to the primary database before the failure, but after the last successful propagation, are lost and must be recreated.

Step 2. Retrieve the following files from the primary security server or from the most recent primary security server backup:

/opt/krb5/.k5.REALM, where REALM is the default realm of the server

krb.conf

krb.realms

admin_acl_file

password.policy

kpropd.ini

Step 3. Archive the principal.* files on the secondary security server.
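A pre-conversion check for steps 2 and 3, as an added example that is not part of the HP manual: it confirms that the six step 2 files are present in a staging directory and archives principal.* with owner-only permissions. The directory arguments, the function names, and the use of tar are assumptions; only the file names come from the text above.

```shell
#!/bin/sh
# Added example (not HP's tooling). Directories are supplied by the caller
# because the manual page does not state where the files live on your host.

# check_retrieved_files STAGE_DIR REALM
# Step 2: prints one line per file that is missing or empty in STAGE_DIR.
# Returns 0 only when all six files named in step 2 are present.
check_retrieved_files() {
    stage=$1
    realm=$2
    missing=0
    for f in ".k5.$realm" krb.conf krb.realms admin_acl_file \
             password.policy kpropd.ini; do
        if [ ! -s "$stage/$f" ]; then
            echo "missing or empty: $f"
            missing=1
        fi
    done
    return $missing
}

# archive_principal_db DB_DIR ARCHIVE_DIR
# Step 3: writes principal.* from DB_DIR into a timestamped tar file in
# ARCHIVE_DIR (must be an absolute path) and prints the archive path.
# The principal database holds key material, so the archive is created
# under umask 077 and is readable by its owner only.
archive_principal_db() {
    db=$1
    out=$2
    # Expand the glob into the positional parameters so the files can be counted.
    set -- "$db"/principal.*
    [ -e "$1" ] || { echo "no principal.* files in $db" >&2; return 1; }
    archive="$out/principal-$(date +%Y%m%d%H%M%S).tar"
    ( umask 077 && cd "$db" && tar -cf "$archive" principal.* ) || return 1
    # Refuse to report success unless every source file is in the archive.
    count=$(tar -tf "$archive" | wc -l)
    [ "$count" -eq "$#" ] || return 1
    echo "$archive"
}
```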

Chapter 9
HP UX Kerberos Data Security Software manual Converting a secondary security server to a primary, Security server