This section describes the steps you take to update Kerberos V4 on the primary control workstation.
Use this procedure to add principals for all the primary boot addresses (if the principals do not already exist.)
Some of the network interfaces configured on a regular control workstation become service addresses in the HACWS configuration. For example, a control workstation named sp_cws would have a network interface by the same name. When the SP system becomes an HACWS configuration, sp_cws becomes a service address. Since the service addresses in a rotating configuration rotate with their resource groups, the sp_cws network interface moves back and forth between the primary and backup control workstations.
When the sp_cws network interface is on the backup control workstation, the network adapter on the primary control workstation is known by an alternate name, such as sp_cws_bt. This alternate name is the boot address. The primary boot addresses need to be identified to Kerberos V4 so the backup control workstation can access authenticated services on the primary while the backup control workstation is acting as the system control workstation.
This example shows the procedure you should follow to add the Kerberos V4 principal rcmd, instance sp_cws_bt on the primary control workstation. Run the /usr/kerberos/etc/kdb_edit program as follows:
Enter Kerberos master key: kerberosMasterPassword
Previous or default values are in [brackets] , enter return to leave the same, or new value.
Principal name: rcmd
<Not found>, Create [y] ? <Enter>
Principal: rcmd, Instance: sp_cws_bt, kdc_key_ver: 1
New Password: rcmdPassword Verifying, please re-enter New Password: rcmdPassword
Principal's new key version = 1 Expiration date (enter yyyy-mm-dd) [ 2000-04-28 ] ? <Enter> Max ticket lifetime (*5 minutes) [ 255 ] ? <Enter> Attributes [ 0 ] ? <Enter> Edit O.K. Principal name: <Enter> # # <end_of_example>
This example shows the procedure you should follow to add the Kerberos V4 rcmd service key for each primary control workstation boot address.
Run the /usr/lpp/ssp/kerberos/bin/ksrvutil add command as follows:
Version number: 1
New principal: rcmd.sp_cws_bt@XYZ.COM; version 1
Is this correct? (y,n) <Enter>
Password: RcmdPassword Verifying, please re-enter Password: RcmdPassword
Key successfully added.
Would you like to add another key? (y,n) n
Old keyfile in /etc/krb-srvtab.old. # # <end_of_example>