On Thu, 2002-07-11 at 16:51, Monica Lau wrote: > Hi all, > ... > However, now, I want to change the kdc names to "kdcmaster" and > "kdcslave." I added these names to the /etc/hosts file, updated > krb5.conf file, and I wiped out the database to start all over again > (removed principal* files, keytab files, log files, killed the krb5kdc > and kadmind processes). I added the principals host/kdcmaster and > host/kdcslave, but when I tried to propagate the database, I got the > same error message above in the log files. Why is this? Is there > something that I've forgotten to update? Why does it keep asking for > the principals host/mlau and host/lynxos?
Simple way to do it is via hosts, but a keytab entry must still exists, so you'll have to add host principals for the new names as well. > Furthermore, why doesn't the kadm5.acl file get propagated over to the > slave KDC? This should not, because if you have multiple realms...you may have backup servers for each realm, and not all. Therefore, for security, you'd *not* want to propagate the ACL file. You *could* rsync it..which does work fine as well, even for replication. > Again, thank you very much for your time and help. > > Regards, > > Monica > > > > > > ______________________________________________________________________ > Do You Yahoo!? > New! SBC Yahoo! Dial - 1st Month Free & unlimited access -- Austin Gonyou <[EMAIL PROTECTED]> Coremetrics, Inc.
signature.asc
Description: This is a digitally signed message part
