Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

Administration
Maintenance Tasks
There are various maintenance tasks associated with Kerberos
Security Servers. This section describes:
- Protecting Security Server Secrets
- Backing Up Primary Server Data

Protecting Security Server Secrets
The Kerberos Security Server stores two types of secrets:
- host/fqdn@REALM service principal
- Master Password
It is crucial that these secrets not be compromised. Performing simple
maintenance tasks and following password protection guidelines helps
prevent security breaches.
host/fqdn@REALM
The host/fqdn@REALM service principal name is required for database
propagation. You should change this key by generating a new key,
extracting it to the server’s service key table file and deleting the old key.
Refer to “Maintaining Secret Keys In The Key Table File” on page 210,
for more information on performing these tasks.
NOTE: During key generation and extraction of the host/fqdn@REALM principal,
the current service tickets become invalid. Because service tickets are
created at each application logon, application users will not be affected
by the update.
Master Password
The master password is entered during installation of a security server
and is used when running the principal database utilities. You must select
a strong password and make sure that it is kept safe from intruders.
Refer to “Database Master Password” on page 194, for more information
on selecting and protecting the master password.