Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.2

Updated: August 2014

How to Configure a Swappable Slave KDC

Perform this procedure on the slave KDC server that you want to have available to become the master KDC. The realm must be using incremental propagation.

Before You Begin

You must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.2.

  1. Use alias names for the master KDC and the swappable slave KDC during the KDC installation.

    When you define the host names for the KDCs, make sure that each system has an alias included in DNS. Also, use the alias names when you define the hosts in the /etc/krb5/krb5.conf file.

  2. Install a slave KDC.

    Prior to any swap, this server should function like any other slave KDC in the realm. For more information, see How to Manually Configure a Slave KDC.

  3. After installation, move the master KDC commands.

    The master KDC commands must not be run from this slave KDC.

    kdc4 # mv /usr/lib/krb5/kprop /usr/lib/krb5/
    kdc4 # mv /usr/lib/krb5/kadmind /usr/lib/krb5/
    kdc4 # mv /usr/sbin/kadmin.local /usr/sbin/
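
One way to audit the swappable slave against steps 1 and 3, as an added example that is not part of the Oracle procedure: it reports master KDC commands that are still executable at their standard paths and any kdc or admin_server entry in krb5.conf that is not one of the expected aliases. The root-prefix argument, the alias names, and the sample krb5.conf are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a swappable slave KDC against steps 1 and 3.
# The root prefix and alias list are caller-supplied assumptions.
MASTER_CMDS="/usr/lib/krb5/kprop /usr/lib/krb5/kadmind /usr/sbin/kadmin.local"

# Print each master command still executable under ROOT; return 1 if any.
check_master_cmds() {
    root=$1; rc=0
    for cmd in $MASTER_CMDS; do
        if [ -x "$root$cmd" ]; then
            echo "still runnable: $cmd"
            rc=1
        fi
    done
    return $rc
}

# Print kdc/admin_server hosts in CONF that are not in the alias list;
# return 1 if any. A trailing :port is dropped before comparison.
check_krb5_aliases() {
    conf=$1; shift; rc=0
    v='[[:space:]]*=[[:space:]]*\([^:[:space:]]*\).*'
    hosts=$(sed -n -e "s/^[[:space:]]*kdc$v/\1/p" \
                   -e "s/^[[:space:]]*admin_server$v/\1/p" "$conf")
    for h in $hosts; do
        found=0
        for a in "$@"; do
            if [ "$h" = "$a" ]; then found=1; fi
        done
        if [ "$found" -eq 0 ]; then
            echo "not an alias: $h"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample tree: kprop left in place, one non-alias host name.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/usr/lib/krb5" "$demo/etc/krb5"
: > "$demo/usr/lib/krb5/kprop"; chmod +x "$demo/usr/lib/krb5/kprop"
cat > "$demo/etc/krb5/krb5.conf" <<'EOF'
[realms]
    EXAMPLE.COM = {
        kdc = masterkdc.example.com
        kdc = kdc4-host.example.com:88
        admin_server = masterkdc.example.com
    }
EOF
check_master_cmds "$demo" || true
check_krb5_aliases "$demo/etc/krb5/krb5.conf" masterkdc.example.com slavekdc.example.com || true
```

On a real slave KDC, pass an empty root prefix and the realm's actual alias names.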