Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

Administration

Backing Up Primary Server Data

Chapter 6202

Backing Up Primary Server Data

It is a good idea to backup the several critical primary server ﬁles. Save

the copied information to a CD or tape - whatever your preferred archive

method is.

Be aware that primary server ﬁles contain sensitive information;

therefore, you should not copy these unless you intend to properly secure

the backup copies.

Ensure to make backup copies of the following:

• admin_acl_file

• password.policy (password.pol)

• principal database ﬁles

• krb.conf

Certain ﬁles contain extremely sensitive information, and we

recommend that you do not make back up copies of the following ﬁles:

• .k5.REALM - Instead, recreate this ﬁle by running the kdb_stash

utility. You must be aware of the master password and specify the

correct encryption type to run this utility.

• v5srvtab - Instead, recreate this ﬁle by re-extracting the key for any

service principal contained in the ﬁle. Typically the host/principal

for the primary server.

Special Note on Backing up the Principal Database

If you have a server architecture that uses a second level of propagation

servers, you can make a backup of your principal database with minimal

affect on application users. Refer to Chapter 7, “Propagation,” on

page 207.

NOTE If you do not use secondary servers as propagation servers, you can

choose to temporarily halt propagation to one of the secondary servers

acting as an authentication server, provided you have properly

conﬁgured a redundant server.