Filter
Top Products
Propagating the Kerberos Server
Configuring Multirealm Enterprises
Chapter 9 273
Multiple primary security servers Supporting a
Single Realm
You must have one primary security server for each realm if you have
distributed administrative groups in which each group maintains its own
realm information.
You cannot propagate changes from one primary security server to
another. You can only propagate changes from a primary security server
to a secondary security server. Therefore, when you have multiple
primary security servers supporting only a single database, you do need
not to change your propagation configuration from a single-realm
scheme.
Adding More Realms to a Multirealm Database
Before adding realms to a database, complete the following steps:
• Install the primary security server and create the database.
• Install each secondary security server and create their respective
databases.
• Create the first administrative principal, and assign permissions for
all realms of this principal.
In the next section, HP assumes that you have not yet configured
propagation before you start adding realms.
To add realms to the database, you can authenticate from a client using
the administrative principal account and run the remote administrator,
kadmin_ui, or you can log on to the primary security server and run the
local administrator, kadminl_ui.
When you are running administrator, add additional realms using the
Realms tab. For more information on creating realms, see “Realms Tab”
on page 193.
After adding all the realms to the database, you must decide on the
secondary security servers that support multiple realms.