HP (Hewlett-Packard) E0905 Server User Manual


 
Administering the Kerberos Server
Chapter 8
Maintenance Tasks
Following are the maintenance tasks associated with the Kerberos
server:
“Protecting Security Server Secrets” on page 236
“Backing Up primary security server Data” on page 237
Protecting Security Server Secrets
The Kerberos server stores the following types of secrets:
host/fqdn@REALM service principal
Master password
It is crucial that these secrets not be compromised. Performing simple
maintenance tasks and following password protection guidelines help
prevent security breaches.
host/fqdn@REALM
The host/fqdn@REALM service principal is required for database
propagation. You must change its key by generating a new key,
extracting it to the server’s service key table file, and deleting the old key.
See “Maintaining Secret Keys in the Key Table File” on page 244 for
more information on performing these tasks.
NOTE: During key generation and extraction of the host/fqdn@REALM principal,
the current service tickets become invalid. Because service tickets are
created at each application logon, application users are not affected by
the update.
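The rotation above ends with deleting the old key. One way to confirm that step is to list the key version numbers held in the key table file and flag any superseded ones; this is an added example, not code from the HP manual. It assumes the service key table file uses the MIT-style keytab layout, version 0x0502 (the manual page does not state the format), and the principal, realm and sample bytes are constructed.

```python
import struct

def counted(buf, pos):  # 16-bit length-prefixed octet string -> (bytes, new_pos)
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n], pos + 2 + n

def parse_keytab(buf):
    """List (principal, kvno, enctype) per entry; key bytes are never returned."""
    if buf[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 key table (assumed format)")
    entries, pos = [], 2
    while pos + 4 <= len(buf):
        (size,) = struct.unpack_from(">i", buf, pos)
        pos += 4
        if size <= 0:  # negative length = deleted slot to skip; zero = end of entries
            pos = pos - size if size else len(buf)
            continue
        end, p = pos + size, pos
        (ncomp,) = struct.unpack_from(">H", buf, p)
        realm, p = counted(buf, p + 2)
        comps = []
        for _ in range(ncomp):
            c, p = counted(buf, p)
            comps.append(c.decode())
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", buf, p)
        _key, p = counted(buf, p + 11)
        if end - p >= 4:  # optional 32-bit kvno replaces the 8-bit one when nonzero
            kvno = struct.unpack_from(">I", buf, p)[0] or kvno
        entries.append(("/".join(comps) + "@" + realm.decode(), kvno, etype))
        pos = end
    return entries

def stale_keys(entries):
    """Entries whose kvno is below the newest kvno held for the same principal."""
    newest = {}
    for name, kvno, _ in entries:
        newest[name] = max(newest.get(name, 0), kvno)
    return [e for e in entries if e[1] < newest[e[0]]]

def make_entry(name, realm, kvno, etype, key):  # builds one entry for the sample
    cs = lambda b: struct.pack(">H", len(b)) + b
    body = (struct.pack(">H", name.count("/") + 1) + cs(realm.encode())
            + b"".join(map(cs, name.encode().split(b"/")))
            + struct.pack(">IIBH", 1, 0, kvno, etype) + cs(key) + struct.pack(">I", kvno))
    return struct.pack(">i", len(body)) + body

# Constructed sample: the old key (kvno 3) was left beside the new key (kvno 4).
SAMPLE = (b"\x05\x02" + make_entry("host/kdc1.example.com", "EXAMPLE.COM", 3, 18, b"\x00" * 32)
          + struct.pack(">i", -8) + b"\x00" * 8  # a deleted slot
          + make_entry("host/kdc1.example.com", "EXAMPLE.COM", 4, 18, b"\x11" * 32))
```

An empty result from `stale_keys(parse_keytab(data))` means only the newest key version remains for every principal in the file.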
Master Password
You must enter the master password when installing a Kerberos server
and when using the principal database utilities. You must select a strong
password and make sure that it is kept safe from intruders. See
“Database Master Password” on page 228 for more information on
selecting and protecting the master password.