4.1.2.1 Create Host Keys for the Slave KDCs

Each KDC needs a host principal in the Kerberos database. You can enter these from any host, once the kadmind daemon is running. For example, if your master KDC were called kerberos.mit.edu, and you had two KDC slaves named kerberos-1.mit.edu and kerberos-2.mit.edu, you would type the following:

     shell% /usr/local/sbin/kadmin
     kadmin: addprinc -randkey host/kerberos.mit.edu
     NOTICE: no policy specified for "host/kerberos.mit.edu@ATHENA.MIT.EDU";
     assigning "default"
     Principal "host/kerberos.mit.edu@ATHENA.MIT.EDU" created.
     kadmin: addprinc -randkey host/kerberos-1.mit.edu
     NOTICE: no policy specified for "host/kerberos-1.mit.edu@ATHENA.MIT.EDU";
     assigning "default"
     Principal "host/kerberos-1.mit.edu@ATHENA.MIT.EDU" created.
     kadmin: addprinc -randkey host/kerberos-2.mit.edu
     NOTICE: no policy specified for "host/kerberos-2.mit.edu@ATHENA.MIT.EDU";
     assigning "default"
     Principal "host/kerberos-2.mit.edu@ATHENA.MIT.EDU" created.
     kadmin:
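
The following is an added example, not part of the original manual. It is a POSIX shell check that compares the KDC host list against principal names (one per line, as kadmin's `listprincs` prints them) and emits `addprinc -randkey` commands only for hosts whose exact `host/<fqdn>@REALM` principal is absent. The principal list is constructed sample data, and the function names `missing_host_princs` and `addprinc_commands` are hypothetical.

```shell
#!/bin/sh
# Realm and KDC hostnames are taken from the example on this page.
REALM="ATHENA.MIT.EDU"
KDC_HOSTS="kerberos.mit.edu kerberos-1.mit.edu kerberos-2.mit.edu"

# Constructed sample input. In practice this would be the output of
# `kadmin -q listprincs`. Note the short-name entry for kerberos-1:
# it is NOT the principal the slave KDC needs.
SAMPLE_LISTPRINCS='K/M@ATHENA.MIT.EDU
kadmin/admin@ATHENA.MIT.EDU
krbtgt/ATHENA.MIT.EDU@ATHENA.MIT.EDU
host/kerberos.mit.edu@ATHENA.MIT.EDU
host/kerberos-1@ATHENA.MIT.EDU'

# missing_host_princs HOSTS REALM   (principal list on stdin)
# Prints each host that has no exact host/<fqdn>@REALM principal.
missing_host_princs() {
    hosts=$1
    realm=$2
    princs=$(cat)
    for h in $hosts; do
        want="host/$h@$realm"
        # -x: whole-line match, so host/kerberos-1@... does not satisfy
        #     a lookup for host/kerberos-1.mit.edu@...
        # -F: fixed string, so dots in hostnames are not regex wildcards
        printf '%s\n' "$princs" | grep -qxF -- "$want" || printf '%s\n' "$h"
    done
}

# addprinc_commands HOSTS REALM   (principal list on stdin)
# Prints the kadmin commands still to be run, one per missing host.
addprinc_commands() {
    missing_host_princs "$1" "$2" | while IFS= read -r h; do
        printf 'addprinc -randkey host/%s\n' "$h"
    done
}

printf '%s\n' "$SAMPLE_LISTPRINCS" | addprinc_commands "$KDC_HOSTS" "$REALM"
```

Any informational lines that kadmin prints alongside the principal names are ignored, because only exact whole-line matches count.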

It is not actually necessary to have the master KDC server in the Kerberos database, but it can be handy if: