* Put a disk in a sun.
* Look at /usr/kdc on jumpcore.umbc.edu – you'll find:
total 852246
drwxr-xr-x 3 kdc other 512 Aug 18 2006 .
drwxr-xr-x 41 root root 1024 Sep 11 2005 ..
drwxr-xr-x 2 kdc other 512 Sep 11 2005 .ssh
- rw-r--r-- 1 kdc other 20818099 Aug 13 2006 root.tar.gz.pgp
- rw-r--r-- 1 kdc other 71004342 Aug 18 2006 usr.k5s.tar.gz.pgp
- rw-r--r-- 1 kdc other 344258738 Aug 13 2006 usr.tar.gz.pgp
These are pgp-encrypted tar files of the /, /usr, and /usr/k5s filesystems from that server. The pgp key used to decrypt them is stored on a USB key located in a location known to the core systems staff. Another copy is kept at the home of the Director of Computing Infrastructure.
* Restore the stuff to the disk, run installboot on it, and fire it up.
I'll note, that the only time you'd have to restore the KDC is when the KDC and the secondary KDC were destroyed... which would suck, because that would mean both datacenters are toast. The machines, except for their hostnames and that one runs kadmind are duplicates of each other. Really. I dd'd the disks. And the master syncs its database to the slave every 15 minutes.