NOTE

Administration

Maintenance Tasks

There are various maintenance tasks associated with Kerberos Security Servers. This section describes:

Protecting Security Server Secrets

Backing Up Primary Server Data

Protecting Security Server Secrets

Kerberos Security Server stores two types of secrets, namely:

host/fqdn@REALM service principal

Master Password

It is crucial that these secrets not be compromised. Performing simple maintenance tasks and following password protection guidelines helps prevent security breaches.

host/fqdn@REALM

The host/fqdn@REALM service principal name is required for database propagation. You should change the key for this principal by generating a new key, extracting it to the server’s service key table file, and deleting the old key. Refer to “Maintaining Secret Keys In The Key Table File” on page 210 for more information on performing these tasks.

During key generation and extraction of the host/fqdn@REALM principal, the current service tickets become invalid. However, because service tickets are created at each application logon, application users will not be affected by the update.

Master Password

The master password is entered during installation of a security server and is used when running the principal database utilities. You must select a strong password and make sure that it is kept safe from intruders.

Refer to “Database Master Password” on page 194 for more information on selecting and protecting the master password.
