Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

Set Up the Slave KDCs for Database Propagation

The database is propagated from the master KDC to the slave KDCs via the kpropd daemon. To set up propagation, create a file on each KDC, named /usr/local/var/krb5kdc/kpropd.acl, containing the principals for each of the KDCs. For example, if the master KDC were kerberos.mit.edu, the slave KDCs were kerberos-1.mit.edu and kerberos-2.mit.edu, and the realm were ATHENA.MIT.EDU, then the file's contents would be:

     host/[email protected]
     host/[email protected]
     host/[email protected]
     

Then, add the following lines to /etc/inetd.conf file on each KDC (the line beginnng with => is a continuation of the previous line):

     krb5_prop stream tcp nowait root /usr/local/sbin/kpropd kpropd
     eklogin   stream tcp nowait root /usr/local/sbin/klogind
     => klogind -k -c -e
     

The first line sets up the kpropd database propagation daemon. The second line sets up the eklogin daemon, allowing Kerberos-authenticated, encrypted rlogin to the KDC.

You also need to add the following lines to /etc/services on each KDC:

     kerberos        88/udp      kdc       # Kerberos authentication (udp)
     kerberos        88/tcp      kdc       # Kerberos authentication (tcp)
     krb5_prop       754/tcp               # Kerberos slave propagation
     kerberos-adm    749/tcp               # Kerberos 5 admin/changepw (tcp)
     kerberos-adm    749/udp               # Kerberos 5 admin/changepw (udp)
     eklogin         2105/tcp              # Kerberos encrypted rlogin
     

 
 
  © 1985-2006 by the Massachusetts Institute of Technology - Reproduced with permission. Design by Interspire