Filter
Top Products
Configuring the Primary and Secondary Security Server
Configuring the Secondary Security Servers with C-Tree
Chapter 7 103
Configuring the Secondary Security Servers
with C-Tree
You can now configure the secondary security servers. Assuming that
you are setting up the primary security server so that you can easily
switch the primary security server with one of the secondary security
servers, you must perform each of the steps on the primary security
server as well as on the secondary security server.
All secondary security servers require the following basic configuration
tasks:
• Creating the principal database.
• Copying the Kerberos configuration files.
• Creating a host/<fqdn> principal and extract its key.
Creating the Principal Database
By default, the Kerberos security server uses DES3 to encrypt the
principal database. If you are using DES encryption to secure your
principal database, use the following command:
kdb_create -s -e enctype
where enctype is DES-CBC-CRC, DES-CBC-MD5, or DES3-CBC-MD5. You
can also specify 1 for DES-CBC-CRC, 3 for DES-CBC-MD5, and 5 for
DES3-CBC-MD5.
Copying the Kerberos Configuration File
Each secondary security server must have a copy of the Kerberos
configuration files from the primary security server. The following is the
default path and file name:
/opt/krb5/krb.conf
Following lists the default configuration files required on the secondary
security server:
• krb.conf
• krb.realms