Configuration

Create The host/<fqdn> Principal And Extract Its Service Key

NOTE

To allow principal database propagation, the Primary Server must have a host/<fqdn> principal and the service key for this principal must be extracted to that server’s service key table file.

The host/<fqdn> principal is not automatically added to the principal database when the Security Server software is installed; you must add it manually using either kadminl_ui or kadminl.

You must be logged in as the root user to perform the tasks mentioned above. These tasks must be performed on the Primary Security Server.

We recommend that you create a host/<fqdn> principal and extract its service key using ktutil. To do this, at the command prompt, type:

kadminl -R "ext host/<fqdn>"

The host/<fqdn> principal is added to the principal database, along with a random key. The random key is added to the service key table. To verify that these operations were successful, use ktutil -l to list the contents of the key table file. The existence of a host/<fqdn> entry indicates that the principal was successfully added to the database with a random key.
