HP UX Kerberos Data Security Software manual Converting a Secondary Server to a Primary Server

Step

4.

Verify that the date/time is the same among all security servers.

Synchronize time on all the servers to match the primary security server

time.

Step

5.

Check resource utilization on the server. If there is 100 percent

utilization of a file system, it can prevent kpropd from building queue

files, which will cause propagation to stall or fail. Remove unnecessary

files, and archive log files.

Step

6.

Restart the daemons as described in the“Setting Up Propagation” on

page 224 section.

If you encounter the error message:

TGS: Error processing request from host

after installing a new secondary server and attempting propagation,

restart the daemons on the secondary server after the full dump has

completed.

Converting a Secondary Server to a Primary Server

You may need to convert a secondary server to a primary server, for

instance, during disaster recovery. To do this, we recommend reinstalling

the Kerberos Server software as follows:

Step

1.

Verify the secondary server has an up-to-date copy of the principal

database. You may need to initiate a full dump of the database from the

current primary server. If your primary server has failed and you cannot

perform a full database dump or view the primary log files, review the

secondary server propagation log files to determine which secondary

server has the most recent database copy. Then copy the principal.* files

from the secondary server that has most recently successfully received

propagation data to the secondary server being converted to the primary.

Note that any changes that were made to the primary database before

the failure, but after the last successful propagation, are lost and must

be re-created.

Step

2.

Retrieve the following files, either from the primary security server or

from the most recent primary security server backup.

236

Chapter 7