Go to main content

Managing Kerberos and Other Authentication Services in Oracle® Solaris 11.3

Exit Print View

Updated: May 2019
 
 

Administering the Kerberos Database

The Kerberos database is the backbone of Kerberos and must be maintained properly. This section provides some procedures for administering the Kerberos database, such as backing up and restoring the database, setting up incremental or parallel propagation, and administering the stash file. The steps to initially set up the database are in MIT Kerberos Installation Guide.

How to Convert a Kerberos Database After a Server Upgrade

If your KDC database was created on a server that was running an old release, converting the database enables you to take advantage of the improved database format.

Before You Begin

Use this procedure only if the database is using an older format.

On the KDC master, you must assume the root role. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

  1. On the master, stop the KDC daemons.
    kdc1# svcadm disable network/security/krb5kdc
    kdc1# svcadm disable network/security/kadmin
  2. Create a directory to store a temporary copy of the database.
    kdc1# mkdir /var/krb5/tmp
    kdc1# chmod 700 /var/krb5/tmp
  3. Dump the KDC database.
    kdc1# kdb5_util dump /var/krb5/tmp/prdb.txt
  4. Save copies of the current database files.
    kdc1# cd /var/krb5
    kdc1# mv princ* tmp/
  5. Load the database.
    kdc1# kdb5_util load /var/krb5/tmp/prdb.txt
  6. Start the KDC daemons.
    kdc1# svcadm enable -r network/security/krb5kdc
    kdc1# svcadm enable -r network/security/kadmin