Configuring the Primary and Secondary Security Server
Configuring the Secondary Security Servers with C-Tree
Chapter 7104
Creating a host/<fqdn> Principal and Extracting the
Key
To allow principal database propagation, each secondary security server
must contain a host/<fqdn> principal. You must also extract the key for
the host/<fqdn> principal to that service key table file of the server.
You can create a host/<fqdn> principal and extract its key on a
secondary security server by using the same procedure that is used on
the primary security server. You need not log on as a root user to perform
these tasks on a secondary security server. You can run kadmin and log
on using the administrative principal name and password when
prompted. For more information, see “Create the host/<fqdn> Principal
and Extracting the Service Key” on page 98.
Each KDC must have a host service principal in the Kerberos database.
You can create a host service principal from any host if the kadmind
daemon is running.
