Filter
Top Products
Administering the Kerberos Server
Maintenance Tasks
Chapter 8 237
Backing Up primary security server Data
Save the copied information to a CD or tape — whatever your preferred
archive method is.
Be aware that primary security server files contain sensitive
information; therefore, do not copy files unless you intend to properly
secure the backup copies.
Be sure to make backup copies of the following:
• admin_acl_file
• password.policy (password.pol)
• Principal database files
• krb.conf
Certain files contain extremely sensitive information, and HP
recommends that you do not make backup copies of the following files:
• .k5.REALM — Instead, recreate this file by using the kdb_stash
utility. You must know the master password and specify the correct
encryption type to run this utility.
• v5srvtab — Instead, recreate this file by re-extracting the key for
any service principal contained in the file — Typically, the
host/principal for the primary security server.
Backing Up the Principal Database
If you have a server architecture that uses a second level of propagation
servers, you can back up your principal database with minimal effect on
application users. See Chapter 9, “Propagating the Kerberos Server,” on
page 241.
NOTE If you do not use secondary security servers as propagation servers, you
can temporarily halt propagation to one of the secondary security servers
acting as an authentication server, provided you have a properly
configured redundant server.
To back up your principal database, complete the following steps:
Step 1. Stop the services and daemons.