[1540] in Kerberos
Re: Backing up a Kerberos server
daemon@ATHENA.MIT.EDU (David Joyner)
Tue Sep 3 23:31:33 1991
Date: 4 Sep 91 02:24:25 GMT
From: david@unity.ncsu.edu (David Joyner)
To: kerberos@shelby.Stanford.EDU
In article <9109031833.AA03680@tsx-11.MIT.EDU> tytso@athena.mit.edu writes:
>
> Date: 3 Sep 91 15:06:16 GMT
> From: jnm@jnmsun.ctd.ornl.gov (Jamey Maze)
>
> What is the recommended way to back up a Kerberos server, assuming the
> system only provides Kerberos service (i.e., no NFS, etc.)?
>
>Given the sensitivity of the Kerberos database, what we've found at MIT
>is that the easiest way to back up a Kerberos server is to set up one or
>more slave Kerberos servers, and do a nightly propagation of the Kerberos
>database using kprop/kpropd. All you have to do to set up a slave
>server is to duplicate the configuration of the Master server, except
>that you don't run kadmind on a slave server, and you run kpropd
>instead.
>
[stuff about physical security of the boxes deleted]
If the master Kerberos database gets corrupted during an update and the
problem goes unnoticed, the slaves will be propagated with a corrupt
or at least damaged database. Since the slaves' database was your
backup, you're in big trouble...
--
David B. Joyner david@unity.ncsu.edu
Unix Systems Programmer -or-
NCSU Computing Center david_joyner@ncsu.edu
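
The failure mode raised in this reply, a damaged master dump overwriting every slave copy, can be guarded against by checking each dump before it is propagated and keeping several dated generations. The following is an added example, not part of the original message or of the Kerberos distribution. It assumes a text dump with one principal record per line and the principal name in the first field; all paths, names and thresholds are hypothetical, and the propagation command is supplied by the caller.

```shell
#!/bin/sh
# Added example. Assumptions: the database dump is a text file with one
# principal record per line and the principal name as the first field;
# all paths, names and thresholds are hypothetical.

# Number of non-empty lines (records) in a dump file.
record_count() { grep -c . "$1" 2>/dev/null || true; }

# dump_ok NEW PREV REQUIRED MAX_SHRINK_PCT
# Succeeds only if NEW is non-empty, contains every principal in REQUIRED,
# and has lost at most MAX_SHRINK_PCT percent of records compared with PREV.
dump_ok() {
    new=$1 prev=$2 required=$3 max_shrink=$4
    [ -s "$new" ] || { echo "reject: empty or missing dump" >&2; return 1; }
    for p in $required; do
        awk -v p="$p" '$1 == p { f = 1 } END { exit !f }' "$new" ||
            { echo "reject: principal $p missing" >&2; return 1; }
    done
    [ -s "$prev" ] || return 0          # first run: nothing to compare with
    n=$(record_count "$new"); o=$(record_count "$prev")
    [ $((n * 100)) -ge $((o * (100 - max_shrink))) ] ||
        { echo "reject: record count fell from $o to $n" >&2; return 1; }
}

# keep_generation NEW DIR KEEP
# Stores NEW as DIR/dump.<stamp> and prunes all but the KEEP newest copies.
# STAMP may be preset by the caller; otherwise the current time is used.
keep_generation() {
    new=$1 dir=$2 keep=$3 stamp=${STAMP:-$(date +%Y%m%d%H%M%S)}
    mkdir -p "$dir" && cp "$new" "$dir/dump.$stamp" || return 1
    ls -1 "$dir"/dump.* | sort -r | tail -n +$((keep + 1)) |
        while read -r old; do rm -f "$old"; done
}

# gated_propagate NEW DIR REQUIRED MAX_SHRINK_PCT KEEP CMD...
# Runs CMD (the site's own propagation step) only when NEW passes dump_ok
# against the newest kept generation, so a damaged dump never reaches the
# slaves and never replaces the last known-good copy.
gated_propagate() {
    g_new=$1 g_dir=$2 g_req=$3 g_pct=$4 g_keep=$5; shift 5
    g_prev=$(ls -1 "$g_dir"/dump.* 2>/dev/null | sort | tail -n 1)
    dump_ok "$g_new" "$g_prev" "$g_req" "$g_pct" || return 1
    keep_generation "$g_new" "$g_dir" "$g_keep" || return 1
    "$@"
}
```

The kept generations are as sensitive as the live database and need the same protection as the master itself.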