After you install the Kerberos software, you must configure the Key Distribution Center (KDC) servers. Configuring the master KDC and at least one slave KDC provides the service that issues credentials. These credentials are the basis for the Kerberos service, so the KDCs must be configured before you attempt other tasks.
The most significant difference between a master KDC and a slave KDC is that only the master KDC can handle database administration requests. For instance, changing a password or adding a new principal must be done on the master KDC. These changes can then be propagated to the slave KDCs. Both the slave KDC and master KDC generate credentials. The slave KDCs provide redundancy when the master KDC cannot respond.
You can choose to configure and build the master KDC server, the database, and additional servers in various ways:
Automatic – Recommended for scripts
Interactive – Sufficient for most installations
Manual – Necessary for more complex installations
Manual with LDAP – Necessary when using LDAP with the KDC
|