Skip navigation
2019

Typically, on an highly available Identity Manager deployment, initially the first server is configured and services such as the KDC (used for iOS Mobile SSO) are initialized. After that, this server is cloned and the 3-node cluster is formed.

 

The KDC service is usually initialized by running the following command:

 

/etc/init.d/vmware-kdc init --realm YOURKDCREALM.COM --subdomain yoursubdomain.com

 

 

There might be a case where you need to change the KDC realm or subdomain after the cluster is already up and running. If you simply run the vmware-kdc init (...) --force command on all servers, they will no longer share the same configuration and you will probably get error messages when configuring iOS Mobile SSO.

 

A solution for this is to re-configure KDC on the first IDM node, export this configuration and import it on the other nodes.

 

First IDM node:

In order to re-configure KDC, you can use the following command:

/etc/init.d/vmware-kdc init --realm YOURNEWKDCREALM.COM --subdomain yournewsubdomain.com --force

 

To export the new configuration, use the following command:

/etc/init.d/vmware-kdc dump <filename>

 

As a <filename> I normally use /tmp/kdc-cfg.tar

 

Use your preferred tool to copy the configuration file to the other servers.

 

 

Second and third nodes:

Change the ownership of the configuration file:

chown horizon <filename>

 

Re-configure KDC with the new parameters and then import the new configuration file:

/etc/init.d/vmware-kdc init --realm YOURNEWKDCREALM.COM --subdomain yournewsubdomain.com --force

/etc/init.d/vmware-kdc load --force <filename>

 

Restart the server

 

 

 

--

 

The postings on this site are my own and do not represent VMware’s positions, strategies or opinions.