From b8eda4d1242f0981f7ba759ef753d5fcdfe6cc96 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Fri, 3 Mar 1995 23:05:21 +0000 Subject: [PATCH] Added preliminary text about slave servers git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@5072 dc483132-0cff-0310-8789-dd5450dbe970 --- doc/install.texi | 45 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/doc/install.texi b/doc/install.texi index 481b2eeb7..910f63d55 100644 --- a/doc/install.texi +++ b/doc/install.texi @@ -8,7 +8,7 @@ @set EDITION pre-BETA 5 @set VERSION pre-BETA 5 -@set UPDATED January 1995 +@set UPDATED March 3, 1995 @ignore @iftex @@ -108,6 +108,7 @@ This is edition @value{EDITION}, for Kerberos V5 version @value{VERSION}. @c is: @c @c @node New Section Name + @c @section New Section Name @c @c M-x texinfo-every-node-update will take care of calculating the @@ -202,6 +203,11 @@ Installing the KDC * The Administration Server:: * Testing the Kerberos Server:: +Setting up Slave Kerberos Servers + +* Kerberos Slave Database Propagation:: +* Installing a Slave Server:: + A Sample Application * Installing the Sample Application:: @@ -1146,6 +1152,43 @@ starting itself. @node Setting up Slave Kerberos Servers, Inter-realm Kerberos Operation, Starting the Kerberos Server, Installing the KDC @subsection Setting up Slave Kerberos Servers +Slave Kerberos servers allow clients to be able to get Kerberos tickets +even when the Master server is not available. Users will not be able to +change their passwords --- changes can only be made to database on the +Master server; however, users will be able to authenticate to +application servers, which is critically important in a distributed +client-server environment. + +@menu +* Kerberos Slave Database Propagation:: +* Installing a Slave Server:: +@end menu + +@node Kerberos Slave Database Propagation, Installing a Slave Server, Setting up Slave Kerberos Servers, Setting up Slave Kerberos Servers +@subsubsection Kerberos Slave Database Propagation + +In order to propagate the Kerberos database from the Master server to +the slaves, the @samp{kprop} and @samp{kpropd} client/server programs +are used. Periodically, the Master server will dump the Kerberos +database out into an ASCII format, using the @samp{kdb5_edit} program. +The master server will then run @samp{kprop} to prograte the dumped +database file to each slave server. + +On the slave server, the @samp{kpropd} program is invoked out of +@samp{/etc/inetd} server. After @samp{kprop} and @samp{kpropd} have +mutually authenticated with one another, and @samp{kpropd} is satisfied +with the identity of the Master server, then the dumped ASCII database +is transferred to the slave server in an encrypted fashion. After the +database is transfered, @samp{kpropd} will then run @samp{kdb5_edit} +with the appropriate arguments in order to undump the database into a +usable form by the KDC on the slave server. + +@node Installing a Slave Server, , Kerberos Slave Database Propagation, Setting up Slave Kerberos Servers +@subsubsection Installing a Slave Server + +@b{To be written.} + + @node Inter-realm Kerberos Operation, The Administration Server, Setting up Slave Kerberos Servers, Installing the KDC @subsection Inter-realm Kerberos Operation -- 2.26.2