Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i

Configuration
Manual Configuration Of The Kerberos Server
The following sections of this chapter describe the procedure to manually
configure your Security Servers. We recommend that you use the
auto-configuration tool to set up your basic Kerberos Security Server.
For more information on auto-configuration, refer to “Auto-Configuration
of the Security Server” on page 64.
The Key Distribution Center (KDC) issues Kerberos tickets. Each KDC
contains a copy of the Kerberos database. The Primary Security Server
contains the master copy of the database, which is propagated to all the
Secondary Security Servers at regular intervals. All database changes,
such as password changes, are made on the Primary Security Server.
Usually, a Secondary Security Server provides Kerberos ticket-granting
services, but not database administration. This allows clients to continue
to obtain tickets when the Primary Security Server is unavailable.
We recommend that you install your Kerberos Security Server to be able
to function as either the Primary or one of the Secondary Servers. This
will enable you to easily swap your Primary Security Server
with one of the Secondary Security Servers, if necessary. The installation
procedure described below is based on this recommendation.
The subsequent sections describe the configuration files and a systematic
series of steps required to manually configure your Primary and
Secondary Security Servers.
Editing the Configuration Files
The Kerberos Security Server can be configured with two Kerberos
files, namely:
the configuration file - krb.conf
the realms file - krb.realms
The Configuration file, krb.conf, specifies the Security Servers available
for client authentication and defines the default realm for the host. The
Realms file, krb.realms, defines the host-to-realm or
domain-to-realm mapping data. The following sections contain a
detailed discussion on these two files.