(heimdal.info.gz) Slave Servers
Info Catalog
(heimdal.info.gz) Testing clients and servers
(heimdal.info.gz) Setting up a realm
(heimdal.info.gz) Incremental propagation
4.10 Slave servers, Incremental propagation, Testing clients and servers, Setting up a realm
============================================================================================
It is desirable to have at least one backup (slave) server in case the
master server fails. It is possible to have any number of such slave
servers but more than three usually doesn't buy much more redundancy.
All Kerberos servers for a realm must have the same database so that
they present the same service to the users. The `hprop' program,
running on the master, will propagate the database to the slaves,
running `hpropd' processes.
Every slave needs a database directory, the master key (if it was used
for the database) and a keytab with the principal `hprop/HOSTNAME'.
Add the principal with the `ktutil' command and start `hpropd', as
follows:
slave# ktutil get -p foo/admin hprop/`hostname`
slave# mkdir /var/heimdal
slave# hpropd
The master will use the principal `kadmin/hprop' to authenticate to the
slaves. This principal should be added when running `kadmin -l init'
but if you do not have it in your database for whatever reason, please
add it with `kadmin -l add'.
Then run `hprop' on the master:
master# hprop slave
This was just an hands-on example to make sure that everything was
working properly. Doing it manually is of course the wrong way, and to
automate this you will want to start `hpropd' from `inetd' on the
slave(s) and regularly run `hprop' on the master to regularly propagate
the database. Starting the propagation once an hour from `cron' is
probably a good idea.
Info Catalog
(heimdal.info.gz) Testing clients and servers
(heimdal.info.gz) Setting up a realm
(heimdal.info.gz) Incremental propagation
automatically generated byinfo2html