How To Rebuild The Kerberos Database - IBM RS/6000 SP Problem Determination Manual

This soft copy for use by IBM employees only.
3.8.8 PTF Levels
Ensure that the Control Workstation and all the nodes are at the same PTF level.
3.8.9 Rebuild the Kerberos Database
If all else fails, the Kerberos authentication database may be completely
re-created. The following steps may be used to achieve this.
Note: This procedure does not require the user to reboot the nodes.
Figure 40. How to Rebuild the Kerberos Database
1. Ensure the following directories are included in your PATH:
•
/usr/lpp/ssp/kerberos/etc
•
/usr/lpp/ssp/kerberos/bin
• /usr/lpp/ssp/bin
kdb_destroy
2. (delete the kerberos database)
kdestroy
3. (delete all current tickets)
rm /.k
4. (delete the master key cache file)
rm $HOME/.klogin
5.
rm /etc/krb*
6. (delete the Kerberos configuration files)
chitab "kadm:2:off:/usr/lpp/spp/kerberos/etc/kadmind -n"
7.
chitab "kerb:2:off:/usr/lpp/spp/kerberos/etc/kerberos"
telint 2
8. (refresh inittab)
stopsrc -s hardmon
9.
setup_authent
10.
spbootins -r customize -l $NODELIST
11.
(where $NODELIST is a comma-separated list of node numbers)
startsrc -s hardmon
12.
telinit 2
13. - Restart the Kerberos daemons
14. ext_srvtab -n $NODENAMES
(where $NODENAMES is a comma-separated list of node names).
This creates files called <nodename>-new-srvtab in the current
directory). You should run this command against all interfaces, then
you should concatenate those file before transfer them to the nodes.
15. ftp the files created in Step 14 to their respective nodes.
Place the files in /etc and name them krb-srvtab.
16. Check that /etc/krb.conf has the entry rcmd.CWname.Realm
(where Realm is the realm specified in /etc/krb.realms).
17. Check /etc/krb.conf and /etc/krb.realms on all nodes.
(These files should be the same as the ones on the Control Workstation.)
dsh -a id
18. From the CW:
dsh -w node2 id
19. From the node1:
spbootins -r disk -l $NODELIST
20.
(Check that kerberos works.)
85
Chapter 3. K e r b e r o s