Installing Slave KDC
Austin Gonyou
austin at coremetrics.com
Thu Jul 11 18:03:20 EDT 2002
On Thu, 2002-07-11 at 16:51, Monica Lau wrote:
> Hi all,
>
...
> However, now, I want to change the kdc names to "kdcmaster" and
> "kdcslave." I added these names to the /etc/hosts file, updated
> krb5.conf file, and I wiped out the database to start all over again
> (removed principal* files, keytab files, log files, killed the krb5kdc
> and kadmind processes). I added the principals host/kdcmaster and
> host/kdcslave, but when I tried to propagate the database, I got the
> same error message above in the log files. Why is this? Is there
> something that I've forgotten to update? Why does it keep asking for
> the principals host/mlau and host/lynxos?
Simple way to do it is via hosts, but a keytab entry must still exist,
so you'll have to add host principals for the new names as well.
> Furthermore, why doesn't the kadm5.acl file get propagated over to the
> slave KDC?
This should not, because if you have multiple realms... you may have
backup servers for each realm, and not all. Therefore, for security,
you'd *not* want to propagate the ACL file. You *could* rsync it... which
does work fine as well, even for replication.
> Again, thank you very much for your time and help.
>
> Regards,
>
> Monica
--
Austin Gonyou <austin at coremetrics.com>
Coremetrics, Inc.