Administration

Backing Up Primary Server Data

Backing Up Primary Server Data

It is a good idea to backup the several critical primary server files. Save the copied information to a CD or tape - whatever your preferred archive method is.

Be aware that primary server files contain sensitive information; therefore, you should not copy these unless you intend to properly secure the backup copies.

Ensure to make backup copies of the following:

admin_acl_file

password.policy (password.pol)

principal database files

krb.conf

Certain files contain extremely sensitive information, and we recommend that you do not make back up copies of the following files:

.k5.REALM - Instead, recreate this file by running the kdb_stash utility. You must be aware of the master password and specify the correct encryption type to run this utility.

v5srvtab - Instead, recreate this file by re-extracting the key for any service principal contained in the file. Typically the host/principal for the primary server.

 

Special Note on Backing up the Principal Database

 

If you have a server architecture that uses a second level of propagation

 

servers, you can make a backup of your principal database with minimal

 

affect on application users. Refer to Chapter 7, “Propagation,” on

 

page 207.

 

If you do not use secondary servers as propagation servers, you can

NOTE

 

choose to temporarily halt propagation to one of the secondary servers

 

acting as an authentication server, provided you have properly

 

configured a redundant server.

 

 

202

Chapter 6

Page 201 Page 203
Page 202
Image 202
HP UX Kerberos Data Security Software Backing Up Primary Server Data, Special Note on Backing up the Principal Database
Page 201 Page 203
Top Page Image Contents