Configuration

Manual Configuration Of The Kerberos Server

The following sections of this chapter describe the procedure to manually configure your Security Servers. We recommend that you use the auto-configuration tool to set up your basic Kerberos Security Server. For more information on auto-configuration, refer to “Auto-Configuration of the Security Server” on page 64.

The Key Distribution Center (KDC) issues Kerberos tickets. Each KDC contains a copy of the Kerberos database. The Primary Security Server contains the master copy of the database, which is propagated to all the Secondary Security Servers at regular intervals. All database changes, such as password changes, are made on the Primary Security Server.

Usually, a Secondary Security Server provides Kerberos ticket-granting services, but not database administration. This allows clients to continue to obtain tickets when the Primary Security Server is unavailable.

We recommend that you install your Kerberos Security Server so that it can function as either the Primary or one of the Secondary Servers. This will enable you to easily swap your Primary Security Server with one of the Secondary Security Servers, if necessary. The installation procedure described below is based on this recommendation.

The subsequent sections describe the configuration files and a systematic series of steps required to manually configure your Primary and Secondary Security Servers.

Editing the Configuration Files

The Kerberos Security Server can be configured with two Kerberos files, namely:

the configuration file - krb.conf

the realms file - krb.realms

The Configuration file, krb.conf, specifies the Security Servers available for client authentication and defines the default realm for the host. The Realms file, krb.realms, defines the host-to-realm or domain-to-realm mapping data. The following sections contain a detailed discussion on these two files.

HP UX Kerberos Data Security Software manual Manual Configuration Of The Kerberos Server, Editing the Configuration Files