Configuration
Configuring The Secondary Security Servers
You are now ready to start configuring the Secondary Security Servers. If you are setting up the Primary Security Server so that you can easily switch it with one of the Secondary Servers, perform each of these steps on the Primary Server as well as on the Secondary Server.
All Secondary Security Servers require three basic configuration tasks as listed below:
• Create the principal database
• Copy the Kerberos configuration file
• Create a host/<fqdn> principal and extract its key
Refer to the chapter “Propagation” on page 207 for more information on configuring the Secondary Security Server for propagation.
Create the Principal Database
By default, the Kerberos Security Server uses 3DES to encrypt the principal database. Therefore, if you are adding a Secondary Security Server to an existing deployment where DES encryption is used to secure its principal database, create the database after installation by invoking the following command:
kdb_create
where enctype is either 1 for
Copy the Kerberos Configuration File
For the greatest flexibility for hierarchical propagation, each Secondary Server must have a copy of the Kerberos configuration file from the Primary Server. The default path and file name is:
/opt/krb5/krb.conf