Configuration

Configuring The Secondary Security Servers

Create a host/<fqdn> Principal and Extract Its Key

To allow principal database propagation, each Secondary Server must contain a host/<fqdn> principal. Also, the key for this principal must be extracted to that server’s service key table file.

Creating a host/<fqdn> principal and extracting its key is performed on a Secondary Server the same way it is performed on a Primary Server. Refer to “Create The host/<fqdn> principal And Extract Its Service Key” on page 82 under the Primary Security Server section for complete instructions.

You do not need to be logged on as a root user to perform these steps on a Secondary Server. Instead, you must run kadmin and log on with the administrative principal name and password when prompted for this information.

Each KDC needs a host service principal in the Kerberos database. You can create these from any host, once the kadmind daemon is running.

HP UX Kerberos Data Security Software manual Create a host/fqdn Principal and Extract Its Key