Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i
Configuration
Configuring The Secondary Security Servers
Chapter 5 89
Configuring The Secondary Security Servers
You are now ready to start configuring the secondary security servers.
Assuming that you are setting up the Primary Security Server so that
you can easily switch the Primary Security Server with one of the
Secondary Servers, you should perform each of the steps on the Primary
Server as well as on the Secondary Server.
All Secondary Security Servers require three basic configuration tasks as
listed below:
• Create the principal database
• Copy the Kerberos configuration file
• Create a host/<fqdn> principal and extract its key
Refer to the Chapter, “Propagation” on page 207, for more information on
configuring the Secondary Security Server for Propagation.
Create the Principal Database
By default, the Kerberos Security Server uses 3DES to encrypt the
principal database. Therefore, if you are adding a Secondary Security
Server to an existing deployment where DES encryption is used to secure
its principal database, create the databaseafter installation invoking the
following command:
kdb_create -s -e enctype
where enctype is either 1 for DES-CBC-CRC or 3 for DES-CBC-MD5.
Copy the Kerberos Configuration File
For the greatest flexibility for hierarchical propagation, each Secondary
Server must have a copy of the Kerberos configuration file from the
Primary Server. The default path and file name is:
/opt/krb5/krb.conf