Configuring the Primary and Secondary Security Server
Configuring the Primary Security Server
The host/<fqdn> principal is not automatically added to the principal
database during security server software installation; you must
manually add the host/<fqdn> principal using the kadminl_ui or
kadminl command.
NOTE You must log on as a root user, on the primary security server, to add the
host/<fqdn> principal to the database.
HP recommends that you create a host/<fqdn> principal and extract its
service key using the ktutil command. To do this, type the following
command at the prompt:
# kadminl -R "ext host/<fqdn>"
The host/<fqdn> principal is added to the principal database, along with
a random key. The random key is added to the service key table. To verify
that these operations are successful, use the ktutil -k command to list
the contents of the key table file. The existence of a host/<fqdn> entry
in the file indicates that the principal has been successfully added to
the database with a random key.
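The verification step above can be scripted. The following shell functions are an added example, not part of the HP documentation; they assume the key table listing prints each principal as a whitespace-delimited token (host/<fqdn>, optionally followed by @REALM), and the sample listing and host names are constructed. The permission check is an added check, and it takes the key table path as an argument because this page does not give it.

```shell
#!/bin/sh
# Added example: scripted form of the key table verification step.
# Assumption: the listing names each principal as a whitespace-delimited
# token, host/<fqdn> or host/<fqdn>@REALM. Sample data below is constructed.

# has_host_entry FQDN: read a key table listing on stdin and succeed only if
# it contains an entry for exactly host/FQDN. Principal names are
# case-sensitive, and a longer name must not match as a prefix.
has_host_entry() {
    awk -v want="host/$1" '
        {
            for (i = 1; i <= NF; i++) {
                p = $i
                sub(/@.*$/, "", p)          # drop the realm, if present
                if (p == want) found = 1
            }
        }
        END { exit (found ? 0 : 1) }'
}

# keytab_is_private FILE: succeed only if FILE is a regular file with no
# group or other permission bits (the service key is a long-term secret).
keytab_is_private() {
    perms=$(ls -ld "$1" 2>/dev/null | awk '{ print $1 }')
    case "$perms" in
        -r[w-]-------*) return 0 ;;
        *)              return 1 ;;
    esac
}

# Constructed listing (not real ktutil output) to show both outcomes.
sample='1 host/kdc1.example.com@EXAMPLE.COM
1 host/kdc1.example.com.lab@EXAMPLE.COM'

for name in kdc1.example.com kdc2.example.com; do
    if printf '%s\n' "$sample" | has_host_entry "$name"; then
        echo "host/$name: key table entry present"
    else
        echo "host/$name: MISSING, re-run the extraction step"
    fi
done
```

On the security server, pipe the real key table listing into has_host_entry in place of the constructed sample.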
NOTE Propagation is disabled if you select LDAP as your backend database.
Check with your LDAP administrator for more information about
propagation of information on the LDAP Server.
Start the Kerberos Daemons
You can use the krbsetup tool to start the following Kerberos daemons:
• kdcd
• kadmind
NOTE You cannot use the krbsetup tool to start the kpropd daemon. Start the
kpropd daemon manually.