It is desirable to have at least one backup (slave) server in case the master server fails. It is possible to have any number of such slave servers but more than three usually doesn’t buy much more redundancy.
All Kerberos servers for a realm must have the same database so that they present the same service to the users. The hprop program, running on the master, will propagate the database to the slaves, running hpropd processes.
Every slave needs a database directory, the master key (if it was used for the database) and a keytab with the principal ‘hprop/hostname’. Add the principal with the ktutil command and start hpropd, as follows:
slave# ktutil get -p foo/admin hprop/`hostname`
slave# mkdir /var/heimdal
slave# hpropd
The master will use the principal ‘kadmin/hprop’ to authenticate to the slaves. This principal should be added when running kadmin -l init but if you do not have it in your database for whatever reason, please add it with kadmin -l add.
master# hprop slave
This was just a hands-on example to make sure that everything was working properly. Doing it manually is of course the wrong way; to automate this you will want to start hpropd from inetd on the slave(s) and regularly run hprop on the master to propagate the database. Starting the propagation once an hour from cron is probably a good idea.
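A cron wrapper for the hourly run described above, as an added example (not part of the Heimdal distribution). It runs hprop once per slave so that one unreachable slave does not block the others, and reports each failure, because a slave that missed a propagation keeps serving the older database. The slave names, the script path in the crontab comment and the --run argument are assumptions.

```sh
#!/bin/sh
# Added example: propagate the database to every slave and report failures.
# Assumed crontab entry on the master (script path is hypothetical):
#   0 * * * * /usr/local/sbin/hprop-all --run

# Command used to push the database; overridable for testing.
HPROP="${HPROP:-hprop}"
# Placeholder slave host names; replace with the realm's real slaves.
SLAVES="${SLAVES:-slave1.example.com slave2.example.com}"

# propagate_all: call "hprop <slave>" for each slave in $SLAVES.
# Prints one line on stderr per slave that could not be updated and
# returns the number of failed slaves (0 means every slave was updated).
propagate_all() {
    failed=0
    for slave in $SLAVES; do
        if ! "$HPROP" "$slave" >/dev/null 2>&1; then
            echo "hprop to $slave failed" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Only propagate when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    propagate_all
    exit $?
fi
```

Since the script is silent on success, cron only sends mail for the runs in which a slave was not updated.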