|
Size: 1542
Comment:
|
Size: 83
Comment: With the bases leodad you struck us out with that answer!
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| #pragma section-numbers off = New Krb slave setup = There's not much work to do when setting up Kerberos slave server, but there are some caveats. The procedure is as follows: * Setup krb client first as documented on SetupNewMachines * Install krb5-kdc on the server * Copy /etc/krb5kdc/kdc.conf from Hopper * Edit /etc/krb5kdc/kpropd.acl on all master and slave machines to list all Krb servers * Enable kpropd server in /etc/inetd.conf on the slave Then, attempt first database propagation from master server to new slave (the attempt will exit with an error because the database is not created on the slave server. And it shouldn't have to be, but it's currently a known bug in Krb): {{{ kdb5_util dump /var/lib/krb5kdc/slave_datatrans kprop NEWMACHINE.hcoop.net }}} Then, on slave, go to /var/lib/krb5kdc/ and do the following to create the database: * Remove all temporary files in there ('''rm *~*''') * Load database with '''kdb5_util load from_master''' * Restart KDC '''/etc/init.d/krb5-kdc restart''' After that, retry '''kprop''' which should succeed. Finally, edit ''/afs/hcoop.net/common/etc/scripts/hcoop-kprop'' and add section which propagates database to new machine, then '''tail -f /var/log/syslog''' on the slave and expect messages like this: {{{ Sep 23 07:24:01 hopper kpropd[22567]: Connection from deleuze.hcoop.net Sep 23 07:25:01 hopper kpropd[22569]: Connection from deleuze.hcoop.net Sep 23 07:26:01 hopper kpropd[22571]: Connection from deleuze.hcoop.net }}} |
With the bases leodad you struck us out with that answer! ---- CategoryCategory |
