Jump to content United States-English
HP.com Home Products and Services Support and Drivers Solutions How to Buy
» Contact HP
More options
HP.com home
 Installing, Configuring and Administering the Kerberos Server V 2.0 on HP-UX 11i: HP 9000 Networking > Chapter 6 Administration

Backing Up Primary Server Data
» 

Technical documentation

Complete book in PDF
» Feedback
Content starts here

 » Table of Contents

 » Glossary

 » Index

spacerspacerspacer
spacer
spacer
  		 
 

It is a good idea to backup the several critical primary server files. Save the copied information to a CD or tape - whatever your preferred archive method is.

Be aware that primary server files contain sensitive information; therefore, you should not copy these unless you intend to properly secure the backup copies.

Ensure to make backup copies of the following:

  • admin_acl_file

  • password.policy (password.pol)

  • principal database files

  • krb.conf

Certain files contain extremely sensitive information, and we recommend that you do not make back up copies of the following files:

  • .k5.REALM - Instead, recreate this file by running the kdb_stash utility. You must be aware of the master password and specify the correct encryption type to run this utility.

  • v5srvtab - Instead, recreate this file by re-extracting the key for any service principal contained in the file. Typically the host/principal for the primary server.

Special Note on Backing up the Principal Database

If you have a server architecture that uses a second level of propagation servers, you can make a backup of your principal database with minimal affect on application users. Refer to Chapter 7 “Propagation”.

NOTE: If you do not use secondary servers as propagation servers, you can choose to temporarily halt propagation to one of the secondary servers acting as an authentication server, provided you have properly configured a redundant server.

To perform backup:

  1. Stop the services and daemons

    • run this command as a root user

      /sbin/init.d/krbsrv stop

  2. Copy the principal.dat, principal.idx, and principal.ok files from one of the propagation servers to your desired destination. For example, CD-ROM or tape.

    • the files are located at /opt/krb5

  3. Restart the services and daemons

    • run this command as a root user

      # /opt/krb5/sbin/kpropd

    All the new principal database information that was recorded on the primary server during your database backup will be copied to each secondary server when propagation resumes.



Maintenance Tasks
  		 


Removing Unused Space From the Database  
Printable version
Privacy statement Using this site means you accept its terms Feedback to webmaster
© 2002 Hewlett-Packard Development Company, L.P.