The following sections describes the procedure for manually
configuring your KDC. We recommend you use the auto-configuration
tool to setup your KDC. For more information on auto-configuration,
refer to “Auto-Configuration of the Kerberos
Server”.
The Key Distribution Center (KDC) issues Kerberos tickets.
Each KDC contains a copy of the Kerberos database. The master KDC
contains the master copy of the database, which is propagated to
the slave KDC at regular intervals. All database changes, such as
password changes, are made on the master KDC.
Usually, a slave KDC provides Kerberos ticket-granting services, but not database
administration. This allows clients to continue to obtain tickets when
the master KDC is unavailable.
We recommend that you install your KDC to be able to function
as either the master or one of the slaves. This will enable you
to easily switch your master KDC with one of the slaves if necessary.
The installation procedure described below is based on this recommendation.
The subsequent sections describe the procedure to manually
configure the KDC.
Editing the Configuration
Files |
 |
Modify the configuration files, /etc/krb5.conf and var/adm/krb5/krb5kdc/kdc.conf to reflect the correct information, such as the
hostname and realm name, for your realm.
Refer to “Configuration Files for the Kerberos
Server”, for more information
on the Configuration files.
Printable version
