Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Propagation
Configuring for Multi-realm Enterprises
You can follow the standard propagation configuration if you have
configured a multi-realm environment that has only one realm for every
Primary Security Server. In other words, you have multiple Primary
Security Servers or if you want to propagate all realms from the Primary
Server to each Secondary Server, follow the steps mentioned below.
In the following steps, we assume you are familiar with the propagation
setup procedure. Refer to “Propagation Hierarchy” on page 209 for
details.
To configure propagation in a multi-realm environment
Step 1. Edit the Kerberos configuration file, krb.conf, on the Primary Server to
contain one entry for each Secondary Server that supports a given realm.
If a Secondary Server supports more than one realm, you must add
multiple entries to the file for that server, one for each supported realm.
Be sure to also add one primary server entry for each realm that the
primary server supports. Once all entries are added, save and close the
file.
Step 2. Run the mkpropcf utility to create an initial version of the kpropd.ini
file or registry key.
Step 3. You must edit the file/registry key to contain the correct information
for your propagation design. For instance, if you want to propagate only
certain realms to a selected secondary server, you must edit the
entry/key for the parent of that server to indicate only the required
realms. For more information on indicating only select realms to
propagate, refer to the kpropd.ini manpage.
Step 4. Once you have configured the primary server’s kpropd.ini correctly,
follow the propagation configuration steps.
Note that on each Kerberos Security Server, you need only extract
a host/key for the primary server’s default realm, not each realm that
the secondary server supports. Even if the secondary server does not
support the primary server’s default realm, you must still create a host/
principal for the secondary server and extract the key to the secondary
server’s key table file.
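
The following script is an added example, not part of the HP manual: it checks the rule in Step 1 that krb.conf carries one entry per server for every realm that server supports. The krb.conf layout it parses (default realm on line 1, then "REALM hostname" lines), the plan-file format, and all host and realm names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the HP manual. Assumed krb.conf layout: line 1 is
# the default realm; each later line is "REALM hostname [other fields]".
# Plan file (hypothetical format): "hostname REALM", one line for every realm
# that a Primary or Secondary Server supports.

# check_krb_conf PLAN KRB_CONF
# Prints "MISSING REALM hostname" for each planned pair that has no krb.conf
# entry. Returns 0 only when every planned pair is present.
check_krb_conf() {
    out=$(awk '
        # First file (plan): remember each required "REALM hostname" pair.
        NR == FNR { if (NF >= 2 && $1 !~ /^#/) need[$2 " " tolower($1)] = 1; next }
        FNR == 1 { next }   # krb.conf line 1 is the default realm, not a server
        NF >= 2 && $1 !~ /^#/ { have[$1 " " tolower($2)] = 1 }
        END {
            bad = 0
            for (k in need) if (!(k in have)) { print "MISSING " k; bad = 1 }
            exit bad
        }
    ' "$1" "$2") && rc=0 || rc=$?
    if [ -n "$out" ]; then printf '%s\n' "$out" | sort; fi
    return "$rc"
}

# Constructed sample input for the checker (not a krb.conf template):
# kdc2 supports two realms but krb.conf lists it for only one of them.
make_sample() {
    cat > "$1/plan" <<'EOF'
kdc1.example.com EXAMPLE.COM
kdc1.example.com LAB.EXAMPLE.COM
kdc2.example.com EXAMPLE.COM
kdc2.example.com LAB.EXAMPLE.COM
EOF
    cat > "$1/krb.conf" <<'EOF'
EXAMPLE.COM
EXAMPLE.COM kdc1.example.com
LAB.EXAMPLE.COM kdc1.example.com
EXAMPLE.COM kdc2.example.com
EOF
}

d=${TMPDIR:-/tmp}/krbconf-check.$$
mkdir -p "$d" && make_sample "$d"
check_krb_conf "$d/plan" "$d/krb.conf" || echo "krb.conf does not cover the plan"
rm -rf "$d"
```

Running the check before mkpropcf in Step 2 shows any missing realm entry while krb.conf is still being edited.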