[1541] in Kerberos
Re: Backing up a Kerberos server
daemon@ATHENA.MIT.EDU (David Joyner)
Wed Sep 4 11:56:50 1991
Date: 4 Sep 91 13:56:44 GMT
From: david@unity.ncsu.edu (David Joyner)
To: kerberos@shelby.Stanford.EDU
In article <9109040433.AA00817@bill-the-cat.MIT.EDU> Raeburn@MIT.EDU (Ken Raeburn) writes:
>
> If the master Kerberos database gets corrupted during an update and the
> problem goes unnoticed the slaves will be propagated with a corrupt
> or at least damaged database. Since the slaves' database was your
> backup, you're in big trouble...
>
>Running with inconsistent databases isn't as serious a problem, but is
>likely to be extremely annoying. A user might have to run "kinit" or
>attempt to log in several times if the master is being slow, because
>they'll have to try a couple different passwords, and hope they get
>the right one for the machine that happened to answer each time. It's
>best to try to minimize this lossage.
>
>What sort of database integrity checks would you make before running
>the propagation manually?
I wasn't proposing database integrity checks. The point I was trying to
make is that if you "backup" your kerberos servers as described, your
backup copies can be wiped out with a single kprop.
--
David B. Joyner david@unity.ncsu.edu
Unix Systems Programmer -or-
NCSU Computing Center david_joyner@ncsu.edu
