System Administration Guide: Security Services

ProcedureHow to Configure a Swappable Slave KDC

Perform this procedure on the slave KDC server that you want to have available to become the master KDC. This procedure assumes that you are using incremental propagation.

  1. Use alias names for the master KDC and the swappable slave KDC during the KDC installation.

    When you define the host names for the KDCs, make sure that each system has an alias included in DNS. Also, use the alias names when you define the hosts in the /etc/krb5/krb5.conf file.

  2. Follow the steps to install a slave KDC.

    Prior to any swap, this server should function as any other slave KDC in the realm. See How to Manually Configure a Slave KDC for instructions.

  3. Move the master KDC commands.

    To prevent the master KDC commands from being run from this slave KDC, move the kprop, kadmind, and kadmin.local commands to a reserved place.

    kdc4 # mv /usr/lib/krb5/kprop /usr/lib/krb5/
    kdc4 # mv /usr/lib/krb5/kadmind /usr/lib/krb5/
    kdc4 # mv /usr/sbin/kadmin.local /usr/sbin/