Propagating the Kerberos Server
Monitoring Propagation
Chapter 9270
If you encounter the following error message after installing a new
secondary security server and attempting propagation, restart the
daemons on the secondary security server after the full dump is
complete:
TGS: Error processing request from host
Converting a secondary security server to a primary
security server
You may need to convert a secondary security server to a primary
security server, for instance, during disaster recovery. During such
circumstances, HP recommends that you to reinstall the Kerberos server.
To convert a secondary security server to a primary security server,
complete the following steps:
Step 1. Verify that the secondary security server has an up-to-date copy of the
principal database. You may need to initiate a full dump of the database
from the current primary security server. If your primary security server
fails and you cannot perform a full database dump or view the primary
log files, review the secondary security server propagation log files to
determine the secondary security server that contains the latest copy of
the database. Then, copy the principal.* files from the secondary
security server that contains the recently received propagation data to
the secondary security server being converted to the primary. Any
changes that are made to the primary database before the failure, but
after the last successful propagation, are lost and must be recreated.
Step 2. Retrieve the following files, from the primary security server or from the
most recent primary security server backup:
• /opt/krb5/.k5.REALM, where REALM is the default realm of the
server
• krb.conf
• krb.realms
• admin_acl_file
• password.policy
• kpropd.ini
Step 3. Archive the principal.* files on the secondary security server.
