| Configuring for |
| You can follow the standard propagation configuration if you have |
| configured a |
| Primary Security Server. In other words, you have multiple Primary |
| Security Servers or if you want to propagate all realms from the Primary |
| Server to each Secondary Server, follow the steps mentioned below. |
| In the following steps, we assume you are familiar with the propagation |
| setup procedure. Refer to, Chapter 7, “Propagation,” on page 207, for |
| more details. |
| To Configure a propagation in a |
Step | 1. Edit the Kerberos configuration file, krb.conf, on the Primary Server to |
| contain one entry for each Secondary Server that supports a given realm. |
| If a Secondary Server supports more than one realm, you must add |
| multiple entries to the file for that server, one for each supported realm. |
| Be sure to also add one primary server entry for each realm that the |
| primary server supports. Once all entries are added, save and close the |
| file. |
Step | 2. Run the kpropd utility to create an initial version of the kpropd.ini file |
| or registry key. |
Step | 3. You must edit the file/registry key to contain the correct information |
| for your propagation design. For instance, if you want to propagate only |
| certain realms to a selected secondary server, you must edit the |
| entry/key for the parent of that server to indicate only the required |
| realms. For more information on indicating only select realms to |
| propagate, refer to the kpropd.ini manpage. |
Step | 4. Once you have configured the primary server’s kpropd.ini correctly, |
| follow the propagation configuration steps. |
| Note that on each Kerberos Security Server, you need to only extract |
| a host/key for the primary server’s default realm, not each realm that |
| the secondary server supports. Even if the secondary server does not |
| support the primary server’s default realm, you must still create a host/ |
| principal for the secondary server and extract the key to the secondary |
| server’s key table file. |
Chapter 8 | 249 |